Solved

WMIC process call create ReturnValue = 3 problem

Posted on 2014-09-17
16
1,443 Views
Last Modified: 2014-10-07
When using WMIC to remotely query two windows 2003 domain controllers, I cannot use proccess call create "name.exe". I can list processes and terminate them with out issue.

The results of using process call create shown below:

C:\Windows>wmic /node:"dc1"  /user:Administrator /password:password123 process call create "calc.exe"
Executing (Win32_Process)->Create()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 3;
};

I have been my Google searches have not turned up anything useful so far.

Anyone have any suggestions as to how I might troubleshoot this problem?
0
Comment
Question by:spencerturbine
  • 9
  • 7
16 Comments
 
LVL 37

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 40329242
Any chance that "name.exe" is not on the path? "Calc.exe" is so that will start.

Can you try adding the full path to "name.exe"?
0
 

Author Comment

by:spencerturbine
ID: 40329249
I have tried calc.exe and c:\windows\system32\calc.exe and I get the same results.
0
 
LVL 37

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 40329291
calc is working, but you want name.exe to work, right?
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 

Author Comment

by:spencerturbine
ID: 40329297
No calc returns error 3
0
 
LVL 37

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 40329299
Then I misunderstood this part:

"Method execution successful."
0
 

Author Comment

by:spencerturbine
ID: 40329302
Well the call was successful, but the command executed as a result of the call reported an error.
0
 
LVL 37

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 40329306
C:\Users\me>wmic /node:mypc process call create calc.exe
Executing (Win32_Process)->Create()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ProcessId = 1744;
        ReturnValue = 0;
};

Open in new window


I got a calc.exe that opened just fine.
0
 

Author Comment

by:spencerturbine
ID: 40329312
Yes I can do this on my  own machine as well as many domain workstations. But I cannot successfully run the command on the two domain controllers.

Which is the intended purpose. (Not to run calc.exe, but to execute another command I have ready. Calc.exe is being used to simplyfly troubleshooting)
0
 
LVL 37

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 40329822
I don't have a domain server to test with so my contribution ends here...
0
 

Author Comment

by:spencerturbine
ID: 40330103
OK Thanks!
0
 

Accepted Solution

by:
spencerturbine earned 0 total points
ID: 40331109
I may have discovered the reason I cannot complete this command.

The Default Domain Controller Policy does not have the LOCAL or SYSTEM accounts listed in the "Replace a process level token" user right.

I will have to determine if this setting in the "default domain controller policy" is a "default" setting, or if it was changed for a reason.
0
 

Author Comment

by:spencerturbine
ID: 40331247
I really thought I had it there but no joy. I still get the error code 3 for insufficient privileges!
0
 
LVL 37

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 40332275
Did you try with domain admin credentials, like this:

/user:your_domain\your_domain_admin /password:your_domain_admin_password
0
 

Author Comment

by:spencerturbine
ID: 40343897
Yes I did try the /user:DOMAIN\Administrator

The only way I got this to work was to add the Administrators group to the "Replace a process level token" user right.

I am hoping someone could shed some light on this so I don't have to set up a test 2003 domain just to see what the default user rights are because I have never seen anyone explain the potential for this command to fail because the "Replace a process level token" user right did not contain the Administrators group.
0
 
LVL 37

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 40346594
>> so I don't have to set up a test 2003 domain
Can help you there I'm afraid.
0
 

Author Closing Comment

by:spencerturbine
ID: 40365504
Ultimately this was the reason why I was not able to complete the command.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Screen Mirroring 7 69
Moving RDP Server to New Server. 3 55
Excel file not created as expected 7 72
Intel Server Board SE7525GP2 Doesn't Recognize Full Hard Drive Capacity 4 108
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
The viewer will learn how to pass data into a function in C++. This is one step further in using functions. Instead of only printing text onto the console, the function will be able to perform calculations with argumentents given by the user.
The viewer will be introduced to the member functions push_back and pop_back of the vector class. The video will teach the difference between the two as well as how to use each one along with its functionality.

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question