• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3161
  • Last Modified:

cant remote install using psexec

I'm trying to install adobe flash player active x from the command line and I receive this error below when running the script. I'm running the script as domain admin and the everyone, domain users and domain computer security groups all have full control permissions to the share folder and co-owner permissions to the share. I can also install the package manually and reach the share from the computer using \\servername\share

 msiexec exited on 10.1.20.164 with error code 1619.

here's the script:


C:\Users\hrice>psexec \\10.1.20.164 -u abc\admin -p password!! msiexec /i "\\abc-fs\comp
any\IT\Shared\Adobe Flash Player\install_flash_player_11_active_x.msi\install_flash_play
er_active_x.msi" /qn

PsExec v1.98 - Execute processes remotely
Copyright (C) 2001-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


T h i s   i n s t a l l a t i o n   p a c k a g e   c o u l d   n o t   b e   o p e n e d
.     V e r i f y   t h a t   t h e   p a c k a g e   e x i s t s   a n d   t h a t   y o
u   c a n   a c c e s s   i t ,   o r   c o n t a c t   t h e   a p p l i c a t i o n   v
e n d o r   t o   v e r i f y   t h a t   t h i s   i s   a   v a l i d   W i n d o w s
I n s t a l l e r   p a c k a g e .
 msiexec exited on 10.1.20.164 with error code 1619.
0
tolinrome
Asked:
tolinrome
  • 5
  • 3
  • 2
  • +2
1 Solution
 
CSI-Windows_comCommented:
I know you can't do this in WMI.

By "this" I mean remote to a machine and then reach off of that machine to get something on another machine.

Since you are impersonating on your first call (changing user name and password), you are not allowed to subsequently access and secondary system (impersonate again).

This blocks a hacking vector.

Try this:
1) Login as the domain admin account
2) Start an ELEVATED command prompt
3) Execute your PSEXEC command line, but leave out the user name and password.

That is what would work in WMI in most cases.
0
 
Rob WilliamsCommented:
If Vista or newer I believe UAC will block this and there is no way around it unless you disable UAC on the machine to which you are connecting.
0
 
Nagendra Pratap SinghCommented:
Try this

psexec \\10.1.20.164 -u abc\admin -p password!! copy "\\abc-fs\comp
any\IT\Shared\Adobe Flash Player\install_flash_player_11_active_x.msi\install_flash_play
er_active_x.msi" c:\temp


This should check if you can at least copy the file from the share to c:\temp etc.
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
tolinromeAuthor Commented:
I tried the suggestion by csi_windows and that didnt work, UAC is disabled on WIN 7 and when I tried the copy I get:

PsExec could not start copy on 10.1.20.164:
The system cannot find the file specified.

does that mean it cant find the msi file on the share? It's there and all users, everyone, domainusers, domain computers have full access to the share permissions and ntfs permissions and I can access the msi file from the client pc by \\servername\share. ahhhh
0
 
Nagendra Pratap SinghCommented:
copy the file to abc.msi and share it with a share called share1 etc.

This should make the path smaller and w/o spaces. Then try your psexec string.
0
 
tolinromeAuthor Commented:
tried that, same problem.
0
 
McKnifeCommented:
Hi.

First, make sure that you can launch commands remotely, so try to start some application remotely for a start and open an elevated task manager remotely in an RDP session to see if it has really started, because it won't run interactively.
Then, the way you use psexec is dangerous. You are constantly firing the domain admin password through your network - in plain text! Yes, that's how psexec works.
To circumvent this, start the command prompt with domain admin rights already, then this won't happen.
next, you should try to copy the package locally using psexec -c
-c         Copy the specified program to the remote system for
           execution. If you omit this option the application
           must be in the system path on the remote system
.
0
 
tolinromeAuthor Commented:
thanks. How can I "First, make sure that you can launch commands remotely, so try to start some application remotely for a start " - is there something simple you can suggest?

I've tried with the -c to no avail: psexec \\10.1.20.93 -u abc\admin -p Password!! cmd /c "msiexec/i "\\gtp-fs\companysf\IT\Shared\Adobe\activex.msi" /quiet /norestart

I'm not familiar with scripts so this is all new to me.
0
 
McKnifeCommented:
Try the command
psexec \\10.1.20.93 notepad
Note: no username and password please! Execute the psexec commands from a shell that you have started using domain admin credentials, otherwise, I repeat, the password travels through your network in plain text and can be intercepted easily with a sniffer.

If that works and notepad displays in task manager, we will go on.
0
 
tolinromeAuthor Commented:
I got it to work. When installing the package in the gpo you need to browse to the share directly for th emsi file and not through the network.
0
 
Nagendra Pratap SinghCommented:
How to browser to share directly?

Share means over a network, right?
0
 
Rob WilliamsCommented:
You got it to work with the GPO as CSI-Windows_com first mentioned, but your questions were all about implementing from the command line ??
0
 
tolinromeAuthor Commented:
I got it to work. When installing the package in the gpo you need to browse to the share directly for th emsi file and not through the network.
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

  • 5
  • 3
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now