Davoud Teimouri

wmic run a batch file from UNC path on remote computer

Hi all,

Is there any solution to run a batch file from a UNC path on a remote computer by using wmic?
I want to run a command like this: wmic /node:[TargetIPaddr] /user:[admin] process call create "Start \\UNC_Path\batchfile.bat"
RantCan

What about using psexec? I have used it to do what you seem to be attempting.

https://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
oBdA

It works in an AD domain if you first enable the "Trust this computer for delegation" for the AD computer object, and then start wmic with the impersonation level "Delegate" and the authority:
wmic.exe /node:<target> /user:<user> /password:"<password>" /implevel:Delegate /Authority:"kerberos:<domain>\<target computer name>" process call create "\\UNC_Path\batchfile.bat"

Details are in 'WMI Security Settings', https://technet.microsoft.com/en-us/library/ee156574.aspx
All in all, it's probably easier to first copy the batch to the target machine, run wmic with the local copy, and then delete the local copy again.
net.exe use \\<target>\ipc$ "<password>" /user:<user>
copy "\\UNC_Path\batchfile.bat" "\\<target>\admin$\Temp"
wmic.exe /node:<target> /user:<user> /password:"<password>" process call create "%Systemroot%\Temp\batchfile.bat"
del "\\<target>\admin$\Temp\batchfile.bat"
net.exe use \\<target>\ipc$ /delete

If you want to use psexec, note that network access by the remote process will only work if you specify user and password in the psexec command line, and these will be sent to the target unencrypted; check "psexec.exe -?".
Davoud Teimouri

ASKER

@RantCan: Hi, I have used PSEXEC, but it did not work because the admin share is disabled on our clients, and I do it by creating a scheduled task on the target computers. Anyway, thanks for your comment.
@oBdA: Many thanks for your solution, I'm going to check it.
@oBdA: Your solution needs a shared folder, and we have no shared folders on our clients because shared folders are disabled by the domain via the registry. Is there any way to create a share via wmic?
OK, maybe the solution with the delegation I suggested above isn't so complicated after all ...
You can create a share remotely using WMI (see https://support.microsoft.com/en-us/kb/295622):
wmic.exe /node:<target> share call create "", "Some Comment", "", "Temp", "", "C:\Temp", 0

Unfortunately, that doesn't allow you to set share permissions, so there will only be Read permissions for Everyone, which won't do you any good since you want to write to that share.
The second obvious thought is to simply use the "process call create" to start "net.exe share ... /grant:...". Easy - until you notice that /grant requires a comma between the account and the permissions, and no amount of escaping allows you to pass a comma as part of an argument to a call with wmic.
Long story short, I ended up extracting the comma at the end of the "dir" output into a variable and then used the variable.
The following command will share "C:\Temp" as "Te mp" (just as a demonstration of how to escape double quotes) and grant Everyone Full share permissions (for simplicity's sake, I left out the /node and credentials). Don't change anything except for the "Te mp" and the "C:\Temp" to what you want to use.
wmic.exe process call create "cmd.exe /v:on /C (for /f \"tokens=3 delims=) \" %a in ('dir C:\W*') do set Comma=%a)& net.exe share \"Te mp\"=C:\Temp /grant:Everyone!Comma!Full"

What should work, too (can't test it at the moment, and is obviously somewhat insecure) is to use explicit credentials to connect to the share:
wmic.exe process call create "cmd.exe /v:ON /C net.exe use \\<Server>\<Share> \"<Password>\" /user:<User>&\\<Server>\<Share>\folder\batch.cmd&net.exe use \\<Server>\<Share> /delete"

Edit: fixed unwanted line break in code.
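
For defenders, the command shapes discussed in the two answers above are visible in process-creation logging. The following is an added example, not part of the thread or any poster's code: it matches those shapes in constructed sample command lines and masks credential values before they are copied into an alert. Host names, accounts, the password and the rule names are made up for illustration.

```python
import re

# Patterns mirror the command shapes quoted in this thread (case-insensitive).
PW = r'("[^"]*"|\S+)'  # one quoted or bare argument
RULES = [
    ("wmic_remote_process_create",
     re.compile(r'\bwmic(\.exe)?\b.*?/node:\S+.*?\bprocess\s+call\s+create\b', re.I)),
    ("wmic_cleartext_password",
     re.compile(r'\bwmic(\.exe)?\b.*?/password:', re.I)),
    ("wmic_delegate_impersonation",
     re.compile(r'\bwmic(\.exe)?\b.*?/implevel:\s*delegate\b', re.I)),
    ("net_use_inline_password",
     re.compile(r'\bnet(\.exe)?\s+use\s+\\\\\S+\s+(?!/)' + PW + r'\s+/user:', re.I)),
    ("share_grants_everyone_full",
     re.compile(r'\bnet(\.exe)?\s+share\b.*?/grant:\s*"?everyone\S*full\b', re.I)),
]
SECRETS = [  # group 1 is kept, the argument after it is a credential value
    re.compile(r'(/password:)' + PW, re.I),
    re.compile(r'(\bnet(?:\.exe)?\s+use\s+\\\\\S+\s+)(?!/)' + PW + r'(?=\s+/user:)', re.I),
]

def findings(cmdline):
    """Return the names of all rules that match one process command line."""
    return [name for name, rx in RULES if rx.search(cmdline)]

def redact(cmdline):
    """Mask credential values so alerts do not copy them into another system."""
    for rx in SECRETS:
        cmdline = rx.sub(lambda m: m.group(1) + "<redacted>", cmdline)
    return cmdline

# Constructed sample command lines, as they would appear in process-creation
# logging (Security event 4688 with command-line auditing, or Sysmon event 1).
SAMPLE = [
    r'wmic.exe /node:WS042 /user:CORP\deploy /password:"Example-Pw-1" /implevel:Delegate /Authority:"kerberos:CORP\WS042" process call create "\\fs01\deploy\batchfile.bat"',
    r'cmd.exe /v:ON /C net.exe use \\fs01\deploy "Example-Pw-1" /user:CORP\deploy&\\fs01\deploy\batch.cmd&net.exe use \\fs01\deploy /delete',
    r'net.exe share "Te mp"=C:\Temp /grant:Everyone,Full',
    r'wmic.exe os get caption',
]

def scan(cmdlines):
    """Return (redacted command line, rule names) for every line with a hit."""
    return [(redact(c), findings(c)) for c in cmdlines if findings(c)]

if __name__ == "__main__":
    for line, rules in scan(SAMPLE):
        print(", ".join(rules), "|", line)
```

The first sample would be logged on the machine that starts wmic; the second and third are what the target logs for the process that WMI creates there.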
@oBdA:
Many thanks for your solution, you are an EXPERT.
I got the error below when I was running the line below:

wmic.exe process call create "cmd.exe /v:on /C (for /f \"tokens=3 delims=) \" %a in ('dir C:\W*') do set Comma=%a)& net.exe share \"Te mp\"=C:\Temp /grant:Everyone!Comma!Full"

Is there any solution to fix it?
Also, the second command line worked perfectly, but you said that this is insecure.
ASKER CERTIFIED SOLUTION
oBdA

This solution is only available to members.
A great solution provided by an EXPERT
Thank you so much oBdA.