We have an existing system, in which we remotely execute scripts on a machine which resides in remote Windows 2003 domain using this type of commands:
PsExec.exe \\machine1-2003 -i -u 2003-DOMAIN\administrator -p xxxxxx \\remote-server1\path\some-script.bat
We are moving to a new environment, in which the domain is Windows 2012 level, and this command now does not work when we try to use a Windows 2003 machine in the new domain.
PsExec.exe \\machine2-2003 -i -u 2012-DOMAIN\administrator -p xxxxxx \\remote-server2\path\some-script.bat
PSExec returns "Access Denied" error. I can only run local commands (C:, D:)
However, I can run the same command against a Windows 2012 client:
PsExec.exe \\machine2-2012 -i -u 2012-DOMAIN\administrator -p xxxxxx \\remote-server2\path\some-script.bat
the script we call calls several scripts, and is not meant to be run on 2012 machines; I played with using "net use" as part of the PSExec command and was able to run simple commands, but the script I need to run calls many other scripts and none will work unless they all change to use the same drive letter the "net use" references and that would be a nightmare; the same scripts are also execute directly on the remote machines.
any idea? I saw references to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Scripting\Default Impersonation Level but its set to the same value (3) on the 2003 and 2012 machines. The DC uses default security settings for all machines.
EDIT: I just tried this and it works:
c:\>PsExec.exe \\machine2-2003 -i -u 2012-DOMAIN\administrator -p xxxxxx cmd
( i am logged in and now the window is on the remote machine)
so if just run cmd, my command prompt switched to the remote, and then i was able to run the script on the UNC path. so why can't i run it in one command? i should stress that the PSExec is part of a script system and thus we cannot have need for interactive users.