Link to home
Start Free TrialLog in
Avatar of wally_davis
wally_davisFlag for United States of America

asked on

psexec giving Access Is Denied error when attempting to run a command on remote system

I am PsExecing to a remote computer to launch a batch file named remote_fd_info.cmd.
In that command it runs the following: fcinfo | find "PortWWN" >> test.txt file.
I'm passing the credentials I need on the remote system and therefore I shouldn't get the Access Is Denied error/Exit Error Code 255. I tried the PsExec -s -i switches but got an exit error code = 1.
Can anyone tell me what I'm missing?
Thanks Experts,

For /f %%s In (%fcinfo_dir%\servers.txt) Do (%ps_exec% \\%%s  -u %user% -p %pswd% c:\progra~1\fcinfo\remote_fc_info.cmd)

Open in new window

Avatar of Qlemo
Flag of Germany image

Firstly, you should not use the shortened form of folders, because that might be different on different PCs. Use
   "C:\Program Folders\fcinfo\remote_fc_info.cmd"
or even better

Your error message result from either lacking access privileges to the Program Files\fcinfo folder or the cmd file therein (unlikely), or from lacking privileges from executing one of the commands contained in your cmd file. I assume you can run the batch successful when logged in on a machine. Then you should allow for echoing in your cmd, to see where it errors out.
If I may ask. Do you have RPC service enabled on the remote computer? This is  a requirement to run  psexec remotely.

You can check your service status by going to run and typing "services.msc" or using psService to check availability on both computers.
Avatar of wally_davis


Since I have access to my current laptop and the Server I am remoting into, I'm not certain why at this point it fails. My suspicion is that somehow my DOS Script will be limited to remote execution privleges that I'm not aware of how to implement at this point.
Instead, I changed up my code to have PsExec execute this line of code:

For /f %%s In (%fcinfo_dir%\servers.txt) Do (%ps_exec% \\%%s -u %user% -p %pswd% "c:\program files\fcinfo\fcinfo.exe | find ""PortWWN"" >> c:\program files\fcinfo\test.txt")

However, I get the error "The filename, directory name, or volume label syntax is incorrect.".
I'm certain the syntax is correct but what I'm not sure of is if PsExec is possibly failing on the piping of an additional command. DOS is strange in its syntax at times and I've not found anything from Sysinternals on whether or not you could execute two commands in a remote DOS Session.
Any ideas on what the failure could be?
Avatar of Qlemo
Flag of Germany image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Hey Qlemo, I tried your syntax and it failed with the same error plus "cmd exited on SERVER with Error code 1".
I've tried so many Character escapes and sequences I don't know which direction is up or down.
I'll try some other variations. Any other suggestions?
Ok, I've changed my code around to call the batch file named remote_fc_info.cmd on the Server.
1. For /f %%s In (%fcinfo_dir%\servers.txt) Do (%ps_exec% \\%%s  -u %user% -p %pswd% cmd /c "%ProgramFiles%\fcinfo\remote_fc_info.cmd")

2. cd \
cd "program files\fcinfo"
:: fcinfo ^| find "PortWWN" ^>^> test.txt
fcinfo ^>^> test.txt
fcinfo (<-- by itself will output the data I need but its useless if I can't append it to a file)

It appears that the problem is appending the data to the test.txt file

I thought PsExec would impersonate and pass your credentials? Any ideas on what is preventing me from appending the data to test.txt?

I'm a little confused by your last post - do you show different ways you called stuff in your command file?

The working folder when executing psexec is system32, where you can't create files on Vista and W7. So if you do not provide the folder together with the text file, or change folders prior to execution, you will get an access denied error. Are you really trying to create the file on the machine you execute fcinfo on? Or do you want to have that file where you start psexec from?

In the batch file you do NOT need to escape anything. You only need if you provide the complete commandline in psexec.

Some difficulties arise with psexec and escaping, but using double quotes overcomes that, AFAIK.
Your usage of using parens around the psexec call adds another difficulty and maybe need to escape again just for that reason, because parens start a new cmd shell. You do not need those parens.

well, what I would really like to do is have the output from the FcInfo.exe that is executed on the remote server, sent back to a log file on my laptop where I am running the PsExec utility. But, I've changed my code I don't know how many times tryiing workaround PsExec. I should have probably just built a VBScript instead since it appears there are a lot of limitations in DOS and PsExec.

All I want to do is to get this PsExec command to work. If not, onto VBScript.
You are overcomplicating things.
(For /f %%s In (%fcinfo_dir%\servers.txt) Do %ps_exec% \\%%s  -u %user% -p %pswd% "^%ProgramFiles^%\fcinfo\fcinfo.exe") 2>nul | find "PortWWN" > test.txt

Open in new window

should do what you need. It executes fcinfo on all servers, collects the output, suppressing psexec related stuff, and processes that on your laptop.
I just realized that the code your ate trying to execute is on the remote server and it is telling you the directory is wrong. You are trying to echo to your local drive from the remote executable. This won't work unless you have a share setup or a FTP server to the file back. You should have some kind of folder on the remote computer to store the log file and then either have psexec send a FTP -I:commands.txt(FTP commands in this file) that will upload the file to the FTP server on the local computer with psexec or just use the share address as a echo point instead of a local address(giving access denied).

Share example would look something like this  psexec -u user -p pass cmd.exe /c %ProgramFiles%\fcinfo.exe >> \\local computers ip address\c$\temp\log.txt | find "PortWWN"

Pipe from the remote endpoint to the local pc share creating your desired information.
Wrong. Redirection is executed locally, before psexec can get a grab on it, so all the share stuff said above is void. That is
(a) The way my psexec scripts work
(b) tested with the above commandline (of course using something different from fcinfo.exe).
I don't think I'm overcomplicating as much as there are limitations to what the PsExec code does or what I expected it to do.
The code doesn't run whatsoever:
(For /f %%s In (%fcinfo_dir%\servers.txt) Do %ps_exec% \\%%s  -u %user% -p %pswd% "^%ProgramFiles^%\fcinfo\fcinfo.exe") 2>nul | find "PortWWN" > test.txt

Doesn't do anything. No code runs whatsoever.
Sorry, my intention is not to be rude and I didn't mean to repeat my same claim twice. I meant to edit the last line.
Well, I could test anything with exception of fcinfo.exe, with success. So the issue has to be there.
Debugging is easy: remove 2>nul to display psexec messages, remove anything after 2>nul for complete output..

You are right somehow - psexec has several limits, but I don't think any of them apply here.
Once I gut this portion of the command out --> 2>nul ^| find "PortWWN" ^> test.txt <--, it outputs the data fine. Here is the output:
There are 4 adapters:
  abc.qwxyz-QLE2462-0: PortWWN: 21:00:00:1b:32:9e:dc:2e
  abc.qwxyz-QLE2462-1: PortWWN: 21:01:00:1b:32:be:dc:2e
  abc.qwxyz-QLE2462-2: PortWWN: 21:00:00:1b:32:9e:73:2d
  abc.qwxyz-QLE2462-3: PortWWN: 21:01:00:1b:32:be:73:2d
So, I'm not sure what to do at this point since psexec is not doing what I need. I'm pondering just kicking that to the curb and using vbscript. I'm about exhausted. I do appreciate your help Qlemo :)
Once I gut this portion of the command out --> 2>nul ^| find "PortWWN" ^> test.txt <--,
Do you see the caret before the "greater"? That one is wrong, and not contained in my or your prior posts, so I could not yet detect that. However, FIND should generate an error:
    echo x | find "x" ^>
says "Access Denied" - because FIND tries to access a file with a special character "greater", which is not allowed.
Hmmm. Are there any other methods by which I could send the output data to a file either on the remot server of on my local laptop?
Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
All methods require to get local or remote file redirection working - so no real alternatives.
VBS allows for catching output, but I don't know if you can that remote.

But what is the issue? If you correct above, it should run!
ok guys, you have both tremendous in helping me understand DOS Syntax and I'm almost home on this one. I ran some commands from the Server natively and this part of the command works when I use Right-Click on the DOS Cmd Shell Icon and select "Run As Admnistrator" and then type in these commands.
- cd \
- cd program files\fcinfo
- c:\program files\fcinfo\fcinfo.exe | find "PortWWN" >> "c:\program files\fcinfo\test.txt"

When I get the command setup on my side it looks like this:
For /f %%s In (%fcinfo_dir%\servers.txt) Do %ps_exec% \\%%s  -u %user% -p %pswd% cmd /c c:\progra~1\fcinfo\fcinfo.exe ^| find ""PortWWN"" ^>^> c:\progra~1\fcinfo\test.txt. BUT, I get the error "Access is denied. CMD exited on SERVER1 with error code 255".

If I removed the cmd /c option then it gives me all of the fcinfo.exe's output options and arguments and then gives me the error "c:\progra~1\fcinfo\fcinfo.exe on SERVER1 with error code 1".

So I have to believe that entire command I gave you above works with the exception that it must require the Administrator account priveleges. What I don't understand is if my account is in a Security Group that is under the Administrators group, it should work. This doesn't make sense.
I pass in my Username and password like this to the script --> Fc_Test.cmd domain/account password. So I'm not even sure why I would require the Run As. Is there a case where I would require the Run As option and do either of you know if you can syntactically pass in the Run As command with the command I have above or am I just plain, lol, screwed?
Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Is your operating system windows 7 or is it a earlier edition?
Thank you Qlemo for walking me through the process. For you're solution that I chose, for appending the data to a text file, this syntax worked --> ^>^> instead of ">>" . But maybe it depends on the platform you're running the script from so both syntaxes may work. I awarded Russel 100 points for his explanation on how the PsExec process works on the remote server.