wmic run a batch file from UNC path on remote computer

Hi all,

Is there any solution to run a batch file from a UNC path on a remote computer by using wmic?
I want to run a command like this: wmic /node:[TargetIPaddr] /user:[admin] process call create "Start \\UNC_Path\batchfile.bat"
Davoud TeimouriDatacenter Senior ExpertAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

RantCanSr. Systems AdministratorCommented:
What about using psexec? I have used it to do what you seem to be attempting.

https://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
oBdACommented:
It works in an AD domain if you first enable the "Trust this computer for delegation" for the AD computer object, and then start wmic with the impersonation level "Delegate" and the authority:
wmic.exe /node:<target> /user:<user> /password:"<password>" /implevel:Delegate /Authority:"kerberos:<domain>\<target computer name>" process call create "\\UNC_Path\batchfile.bat"

Open in new window

Details are in 'WMI Security Settings', https://technet.microsoft.com/en-us/library/ee156574.aspx
All in all, it's probably easier to first copy the batch to the target machine, run wmic with the local copy, and then delete the local copy again.
net.exe use \\<target>\ipc$ "<password>" /user:<user>
copy "\\UNC_Path\batchfile.bat" "\\target\admin$\Temp"
wmic.exe /node:<target> /user:<user> /password:"<password>" process call create "%Systemroot%\Temp\batchfile.bat"
del "\\<target>\admin$\Temp"
net.exe delete \\<target>\ipc$

Open in new window

If you want to use psexec, note that network access by the remote process will only work if you specify user and password in the psexec command line, and these will be sent to the target unencrypted; check "psexec.exe -?".
Davoud TeimouriDatacenter Senior ExpertAuthor Commented:
@RantCan: Hi, I have used PSEXEC but it's not worked because admin share is disabled on our clients and I do it by creating scheduled task on the target computers. Anyway, thanks for your comment.
Learn SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

Davoud TeimouriDatacenter Senior ExpertAuthor Commented:
@oBdA: Many thanks for your solution, I'm going to check it.
Davoud TeimouriDatacenter Senior ExpertAuthor Commented:
@oBdA: Your solution needs to a shared folder and we have no shared folder on our clients because the shared folder are disabled by domain via registry. Is there any way to create a share via wmic?
oBdACommented:
OK, maybe the solution with the delegation I suggested above isn't so complicated after all ...
You can create a share remotely using WMI (see https://support.microsoft.com/en-us/kb/295622):
wmic.exe /node:<target> share call create "", "Some Comment", "", "Temp", "", "C:\Temp", 0

Open in new window

Unfortunately, that doesn't allow you to set share permissions, so there will only be Read permissions for Everyone, which won't do you any good since you want to write to that share.
Second obvious thought is to simply use the "process call create" to start "net.exe share ... /grant:...". Easy - until you notice that /grant requires a comma between the account and the permissions, and no amount of escaping allows to pass a comma as part of an argument to a call with wmic.
Long story short, I ended up extracting the comma at the end of the "dir" output into a variable and then used the variable.
The following command will share "C:\Temp" as "Te mp" (just as demonstration on how to escape double quotes) and grant Everyone Full share permissions (for simplicity's sake, I left out the /node and credentials). Don't change anything except for the "Te mp" and the "C:\Temp" to what you want to use.
wmic.exe process call create "cmd.exe /v:on /C (for /f \"tokens=3 delims=) \" %a in ('dir C:\W*') do set Comma=%a)& net.exe share \"Te mp\"=C:\Temp /grant:Everyone!Comma!Full"

Open in new window

What should work, too (can't test it at the moment, and is obviously somewhat insecure) is to use explicit credentials to connect to the share:
wmic.exe process call create "cmd.exe /v:ON /C net.exe use \\<Server>\<Share> \"<Password>\" /user:<User>&\\<Server>\Share\folder\batch.cmd&net.exe use \\<Server>\<Share> /delete"

Open in new window

Edit: fixed unwanted line break in code.
Davoud TeimouriDatacenter Senior ExpertAuthor Commented:
@oBdA:
Many thanks for your solution, you are EXPERT.
I got the below error when I was running the below line:

wmic.exe process call create "cmd.exe /v:on /C (for /f \"tokens=3 delims=) \" %a in ('dir C:\W*') do set Comma=%a)& net.exe share \"Te mp\"=C:\Temp /grant:Everyone!Comma!Full"

Open in new window


Error
Is there any solution to fix it?
Also second command line worked perfectly but you said that this is insecurely.
oBdACommented:
That's a localization issue. Try it with this (you can replace the /C with a /K for local testing, which keeps the window open):
wmic.exe process call create "cmd.exe /v:on /C (for /f \"tokens=9 delims=h \" %a in ('wmic.exe /?^|find.exe \"type: switch-name\"') do set Comma=%a)&net.exe share \"TE MP\"=C:\Temp /GRANT:Everyone!Comma!Full"

Open in new window

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Davoud TeimouriDatacenter Senior ExpertAuthor Commented:
A great solution provided by an EXPERT
Thank you so much oBdA.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Batch

From novice to tech pro — start learning today.