ccfcfc
asked on
Powershell scripting
All, I am in the middle of configuring a PowerShell script that is able to run a BAT file that is stored on a remote server. This script will be run from our NMS and will run the BAT file remotely (ideally anyway). However, our NMS and remote server lie across 2 domains, and I wondered if anyone knows of a way I can run the PowerShell script under different domain credentials?
here is a copy of the scripts that works:
$RemoteServerName = "\\xxx.xxx.xxx.xxx"
$Process = [WMICLASS]"$RemoteServerName\ROOT\CIMV2:win32_process"
$result = $process.create("D:/xxxx/xxx.bat")
Surely there must be a switch that can be included that can run this task as another remote user?
thanks
Or of course use proper remote PowerShell. See the tutorial here to get you started.
http://www.computerperformance.co.uk/powershell/powershell_remote.htm
if you run the batch file which executes the powershell as a scheduled task then you can put the credentials in there
or here is the powershell way
http://blogs.technet.com/b/robcost/archive/2008/05/01/powershell-tip-storing-and-using-password-credentials.aspx
Any special reason for using PS just to start a batch file? My approach would be the psexec as shown above, or PS Remoting (staying inside of PS all the time), but not mix the methods here.
ASKER
Originally this was because our NMS software is only able to run a PS script, VBScript or Java scripts. I was informed by co-workers that PowerShell would probably be the best option to work from.
Also, this bat file must run on the remote server and run in a logged in session as the BAT file it runs requires to stay open in order to work.
thanks
In that case use the link I posted from TechNet to embed the credentials in there. It's really easy if you don't mind the credentials being left in plain text.
ASKER
Neilsr, thank you for your post.
I have taken a look at your linked articles and have added all the servers involved into the trust lists; however, when creating a 'PSSession' I am getting this error:
[192.168.50.242] Connecting to remote server failed with the following error message : The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. For more information on how to set TrustedHosts run the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportException
Have you seen this error before? I'm pretty certain that due to the server being across 2 different domains, I need to stick in a credential switch, but I am unsure how. This is the command I used:
new-pssession <Ipaddress>
irweazelwallis, thanks for your posts also, I am reading that one also.
Kind regards
New-PSSession/Invoke-Command with an IP address, or with a target in a different domain, will need more. By default, Kerberos is used to authenticate, but that only works within the same domain and with machine names.
Also note that you have to restart WinRM after setting TrustedHosts. You only need to set the target host here. The two ways to do that are
winrm set winrm/config/client @{TrustedHosts="RemotePC1, RemotePC2"}
or
cd WSMan:\localhost\Client
set-Item trustedhosts "RemotePC1, RemotePC2" –force
and then
restart-Service winRM
For invoking a remote command with explicit credentials you should use
$cred = New-Object system.management.automation.pscredential("RemoteUser", (ConvertTo-SecureString "RemotePwd" -AsPlainText –force))
invoke-command RemotePC1 {dir c:\} –authenticate negotiate –credential $cred
where dir c:\ is an example command.
ASKER
Qlemo,
thanks for your response.
I have adjusted my script to the following:
'$cred = new-object system.management.automation.pscredential("*******", (ConvertTo-SecureString "***********" -AsPlainText -force)) invoke-command "\\192.168.51.242" {dir C:\}
invoke-command "\\192.168.51.242" {dir c:\} –authenticate negotiate –credential $cred
$RemoteServerName = "\\192.168.51.242"
$Process = [WMICLASS]"$RemoteServerName\ROOT\CIMV2:win32_process"
$result = $process.create("D:/Red5/red5.bat")'
When I run this script, a dialogue box appears seeking credentials. I key in the credentials and receive this error:
New-Object : A positional parameter cannot be found that accepts argument 'invoke-command'.
At C:\Scripts\ldc_fms_01.ps1:1 char:19
+ $cred = new-object <<<< system.management.automation.pscredential("*********", (ConvertTo-SecureString "*******************" -AsPlainText -force)) invoke-command "\\192.168.51.242" {dir C:\}
+ CategoryInfo : InvalidArgument: (:) [New-Object], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.NewObjectCommand
Invoke-Command : A parameter cannot be found that matches parameter name 'authenticate'.
At C:\Scripts\ldc_fms_01.ps1:2 char:58
+ invoke-command "\\192.168.51.242" {dir c:\} –authenticate <<<< negotiate –credential $cred
+ CategoryInfo : InvalidArgument: (:) [Invoke-Command], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.PowerShell.Commands.InvokeCommandCommand
Cannot convert value "\\192.168.51.242\ROOT\CIMV2:win32_process" to type "System.Management.ManagementClass". Error: "Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))"
At C:\Scripts\ldc_fms_01.ps1:4 char:22
+ $Process = [WMICLASS] <<<< "$RemoteServerName\ROOT\CIMV2:win32_process"
+ CategoryInfo : NotSpecified: (:) [], RuntimeException
+ FullyQualifiedErrorId : RuntimeException
You cannot call a method on a null-valued expression.
At C:\Scripts\ldc_fms_01.ps1:5 char:26
+ $result = $process.create <<<< ("D:/Red5/red5.bat")
+ CategoryInfo : InvalidOperation: (create:String) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
Do you know what is causing this to error? Please bear in mind I am new to PowerShell and not a guru when it comes to this area.
Thanks in advance.
You seem to have made some mistakes when pasting all together. However, the second line contained a typo anyway. Your code should look like:
$RemoteServerName = "\\192.168.51.242"
$cred = new-object system.management.automation.pscredential("*******", (ConvertTo-SecureString "***********" -AsPlainText -force))
$result = invoke-command $RemoteServerName {cmd /c D:\Red5\red5.bat} –Authentication negotiate –Credential $cred
ASKER
Hi Qlemo,
Thank you for your response. Taking a look at your script, I have adapted your suggested script to our systems but seem to be getting errors in return:
'[ldc-fms-01] Connecting to remote server failed with the following error message : The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (:) [], PSRemotingTransportException
+ FullyQualifiedErrorId : PSSessionStateBroken'
Also, here is the script that I have made and used to receive this error:
'$RemoteServerName = 'servername'
$cred = new-object system.management.automation.pscredential("domain\username", (ConvertTo-SecureString "*****************" -AsPlainText -force))
$result = invoke-command $RemoteServerName {cmd /c D:\Red5\red5.bat} –Authentication negotiate –Credential $cred '
please note that these 2 servers are on 2 different domains that are linked together via VPN.
thanks
That error message is only sent when TrustedHosts is not correct. Please make sure you execute
set RemoteServerName='ldc-fms-01'
set-Item WSMan:\localhost\Client\trustedhosts $RemoteServerName –force
$cred = new-object system.management.automation.pscredential("*******", (ConvertTo-SecureString "***********" -AsPlainText -force))
$result = invoke-command $RemoteServerName {cmd /c D:\Red5\red5.bat} –Authentication negotiate –Credential $cred
ASKER
Qlemo, Thank you for your reply.
I have tried the script you had suggested, and seem to be getting more errors.
here is the script I tried:
'set RemoteServerName= 'ldc-man-02'
set-Item WSMan:\localhost\Client\trustedhosts $RemoteServerName –force
$cred = new-object system.management.automation.pscredential (domain\username", (ConvertTo-SecureString "***password***" -AsPlainText -force))
$result = invoke-command $RemoteServerName {cmd /c C:\scripts\test.bat} –Authentication negotiate –Credential $cred '
Here is the error that I am getting:
'The string starting:
At C:\Scripts\ldc_fms_01.ps1:3 char:120
+ $cred = new-object system.management.automation.pscredential (domain\username", (ConvertTo-SecureString "xxxxxxxxxxxxxxxx <<<< " -AsPlainText -force))
is missing the terminator: ".
At C:\Scripts\ldc_fms_01.ps1:4 char:118
+ $result = invoke-command $RemoteServerName {cmd /c C:\scripts\test.bat} –Authentication negotiate –Credential $cred <<<<
+ CategoryInfo : ParserError: ( -AsPlainText -...dential $cred :String) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : TerminatorExpectedAtEndOfString'
Does any of this make sense to you?
thanks
EDIT: ModeIT 2-2-13 (removed sensitive info)
You have omitted the leading double quote for domain\username. You need to enclose it in double or single quotes.
ASKER
Qlemo, despite doing this, the errors still remain? Any other thoughts?
thanks
ASKER
Qlemo, I ran the proposed script but am still getting errors when attempting to run the scripts:
PS C:\Scripts> C:\Scripts\ldc_fms_01.ps1
Set-Item : This command cannot be used because Parameter Value is not supplied. Check the value again and run your command.
At C:\Scripts\ldc_fms_01.ps1:2 char:9
+ set-Item <<<< WSMan:\localhost\Client\trustedhosts $RemoteServerName –force
+ CategoryInfo : NotSpecified: (:) [Set-Item], ArgumentException
+ FullyQualifiedErrorId : System.ArgumentException,Microsoft.PowerShell.Commands.SetItemCommand
Invoke-Command : Cannot validate argument on parameter 'ComputerName'. The argument is null or empty. Supply an argument that is not null or empty and then try the command again.
At C:\Scripts\ldc_fms_01.ps1:4 char:25
+ $result = invoke-command <<<< $RemoteServerName {cmd /c C:\scripts\test.bat} –Authentication negotiate –Credential $cred
+ CategoryInfo : InvalidData: (:) [Invoke-Command], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.InvokeCommandCommand
Thanks
Sorry, small typo in the first line:
$RemoteServerName = 'ldc-man-02'
set-Item WSMan:\localhost\Client\trustedhosts $RemoteServerName –force
$cred = new-object system.management.automation.pscredential ('domain\username', (ConvertTo-SecureString '***password***' -AsPlainText -force))
$result = invoke-command $RemoteServerName {cmd /c C:\scripts\test.bat} –Authentication negotiate –Credential $cred
The drawback is that psexec uses plain text to transmit passwords.
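An added example, not code from the thread or its participants: the final script's flow with the password kept out of the script text and the TrustedHosts list appended to rather than overwritten. The target name, batch path and credential file location are placeholders. It assumes the one-time save step is run as the same Windows account that the NMS uses to launch the script, and that the script runs elevated so it can change WinRM client settings.

```powershell
# Added example; every name below is a placeholder, not a value from the thread.
param(
    [string]$RemoteServerName = 'RemotePC1',            # placeholder target host
    [string]$BatchFile        = 'C:\scripts\test.bat',  # path on the remote machine
    [string]$CredFile         = "$env:LOCALAPPDATA\nms-remote.cred.xml",  # hypothetical file
    [switch]$SaveCredential
)

if ($SaveCredential) {
    # One-time, interactive step. Export-Clixml writes the password as a
    # DPAPI-protected SecureString: only the same Windows account on the
    # same machine can decrypt it, so nothing readable sits in the script.
    Get-Credential | Export-Clixml -Path $CredFile
    return
}

if (-not (Test-Path $CredFile)) {
    throw "No stored credential at $CredFile. Run once with -SaveCredential."
}
$cred = Import-Clixml -Path $CredFile

# Add the target to TrustedHosts only when it is missing. -Concatenate
# appends to the existing list; a plain Set-Item would replace it and
# silently drop hosts that other scripts rely on.
$trustedPath = 'WSMan:\localhost\Client\TrustedHosts'
$current = (Get-Item $trustedPath).Value
$entries = @($current -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
if ($entries -notcontains '*' -and $entries -notcontains $RemoteServerName) {
    Set-Item $trustedPath -Value $RemoteServerName -Concatenate -Force
    Restart-Service WinRM   # the thread's advice after changing TrustedHosts
}

# Hosts in TrustedHosts are not authenticated by the client (the WinRM
# error text in the thread says so), so keep the list to named machines.
$result = Invoke-Command -ComputerName $RemoteServerName -Credential $cred `
    -Authentication Negotiate -ArgumentList $BatchFile `
    -ScriptBlock { param($path) cmd /c $path }
$result
```

Run it once with -SaveCredential from an interactive session of the NMS service account, then schedule it without the switch.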