I have two commands I have to run in CMD. I also need to run them remotely. I will add the .bat file to the C:\ of the remote computer as well. This is actually a fix for Windows 7 to 10 1809 migrations that breaks protected view in Office if anyone wants to know.
icacls "C:\Windows\SysWOW64\msvcp140.dll" /grant *S-1-15-2-1:(OI)(CI)RX
icacls "C:\Windows\SysWOW64\vcruntime140.dll" /grant *S-1-15-2-1:(OI)(CI)RX
This is what I came up with as being my first attempt at creating a bat file on my own. I am so new to this it's almost embarrassing but you have to start somewhere.
c:\
cd C:\Windows\SysWOW64
start cmd.exe /k icacls "C:\Windows\SysWOW64\msvcp140.dll" /grant *S-1-15-2-1:(OI)(CI)RX
start cmd.exe /c icacls "C:\Windows\SysWOW64\vcruntime140.dll" /grant *S-1-15-2-1:(OI)(CI)RX
pause
This also has to be run as admin.
One solution I can think of is for you to use PsExec from the SysInternals Suite. You mentioned trying to run command line commands from a remote location as admin, so this is why I am suggesting it. You can use it to run the icacls command or other commands remotely.
Here are some links to some documentation about PsExec:
Microsoft Documentation
ss64 Documentation
And a link to an artice written by Mark Russinovich (Sysinternals Creator) on using PsExec:
PsExec Article
Now for the usage for your specific need:
psexec -accepteula \\[IP Address or Hostname] -u [domain\username] -p [Password] cmd.exe
Example with the options filled in:
psexec -accepteula \\192.168.1.3 -u win7\bob -p P#ssword cmd.exe
This command will will allow you to open a remote command shell on the machine you want to execute the icacls commands. From there, you just run the icacls commands as if you were sitting at the remote machine. I recommend reading up in the links provided to understand what each switch does.
Or you can try this, which combines the above with your icacls commands and executes it all at once. I have not tested the command below, but it SHOULD work. This is all one command by the way, so make sure it is copied as one line.
psexec -accepteula \\[IP Address or Hostname] -u [User] -p [Password] cmd /c "icacls "C:\Windows\SysWOW64\msvcp140.dll" /grant *S-1-15-2-1:(OI)(CI)RX & icacls "C:\Windows\SysWOW64\vcruntime140.dll" /grant *S-1-15-2-1:(OI)(CI)RX"
I know this isn't a batch script, but it could help accomplish what you want to do.
Related
I want to execute a batch file
D:\apache-tomcat-6.0.20\apache-tomcat-7.0.30\bin\shutdown.bat
Which is on my server inidsoasrv01.
How should I write my .bat file?
Use microsoft's tool for remote commands executions: PsExec
If there isn't your bat-file on remote host, copy it first. For example:
copy D:\apache-tomcat-6.0.20\apache-tomcat-7.0.30\bin\shutdown.bat \\RemoteServerNameOrIP\d$\apache-tomcat-6.0.20\apache-tomcat-7.0.30\bin\
And then execute:
psexec \\RemoteServerNameOrIP d:\apache-tomcat-6.0.20\apache-tomcat-7.0.30\bin\shutdown.bat
Note: filepath for psexec is path to file on remote server, not your local.
You can use WMIC or SCHTASKS (which means no third party software is needed):
SCHTASKS:
SCHTASKS /s remote_machine /U username /P password /create /tn "On demand demo" /tr "C:\some.bat" /sc ONCE /sd 01/01/1910 /st 00:00
SCHTASKS /s remote_machine /U username /P password /run /TN "On demand demo"
WMIC (wmic will return the pid of the started process)
WMIC /NODE:"remote_machine" /user:user /password:password process call create "c:\some.bat","c:\exec_dir"
If you are in same WORKGROUP shutdown.exe /s /m \\<target-computer-name> should be enough shutdown /? for more, otherwise you need software to connect and control the target server.
UPDATE:
Seems shutdown.bat here is for shutting down apache-tomcat.
So, you might be interested to psexec or PuTTY: A Free Telnet/SSH Client
As native solution could be wmic
Example:
wmic /node:<target-computer-name> process call create "cmd.exe c:\\somefolder\\batch.bat"
In your example should be:
wmic /node:inidsoasrv01 process call create ^
"cmd.exe D:\\apache-tomcat-6.0.20\\apache-tomcat-7.0.30\\bin\\shutdown.bat"
wmic /? and wmic /node /? for more
With all the new security updates from Microsoft in the latest operating systems it is becoming more and more difficult to connect and execute scripts remotely. PsExec is one tool that helps you to connect a windows host from another windows host and execute command(s) or a script. Limitation of this tool is that it will execute the command(s) or a script, but it will not print the execution details. It will only return the process id.
C:\apps\tools\psexec \\%RemoteHostName% -u %Domain%\%userName% -p %userPassword% -accepteula -d -h -i 1 cmd.exe /c "cd C:\apps\test\ & echo Hello World" & call C:\apps\test\script.bat
While I would recommend against this.
But you can use shutdown as client if the target machine has remote shutdown enabled and is in the same workgroup.
Example:
shutdown.exe /s /m \\<target-computer-name> /t 00
replacing <target-computer-name> with the URI for the target machine,
Otherwise, if you want to trigger this through Apache, you'll need to configure the batch script as a CGI script by putting AddHandler cgi-script .bat and Options +ExecCGI into either a local .htaccess file or in the main configuration for your Apache install.
Then you can just call the .bat file containing the shutdown.exe command from your browser.
I need to create a .bat to put together with my setup system to install a network driver, but I have some difficulties in creating the bat.
This .bat needs:
execute a cmd with administrator privileges
run this command: netcfg.exe -v -l networkbll_lwf.inf -c s -i nt_networkbll
exit
The folder for all files location is: c:\Windows\System\Drivers.
You might have to use another batch file first to launch the second with admin rights.
In the first use
runas /noprofile /user:mymachine\administrator batchfilename.bat
PAUSE
and write the needed command in another bat file
I need to create a batch file that will open cmd.exe (as a administrator) with these lines:
cd C:\Program Files\Putty
cd C:\Program Files\Putty>psftp -i XXXXXXXXX.ppk xxxx_test#111.111.111.11 -b C:\UPLOAD\upload.ftp
Can anyone help me?
DoStuff.bat
#echo off
runas /user:%USERDOMAIN%\%USERNAME% "cmd.exe /K \"cd C:\Program Files\Putty\" & psftp -i XXXXXXXXX.ppk xxxx_test#111.111.111.11 -b C:\UPLOAD\upload.ftp"
runas will let you run a command as Administrator (you may need to change the domain/user to match your system, and enter a password).
Running cmd.exe /K will run the following commands.
The quotes around the commands need to be escaped with \"
I'm having a hard time seeing the difficulty.
Can you explain what you tried, and why it didn't work?
I want to execute a batch file
D:\apache-tomcat-6.0.20\apache-tomcat-7.0.30\bin\shutdown.bat
Which is on my server inidsoasrv01.
How should I write my .bat file?
Use microsoft's tool for remote commands executions: PsExec
If there isn't your bat-file on remote host, copy it first. For example:
copy D:\apache-tomcat-6.0.20\apache-tomcat-7.0.30\bin\shutdown.bat \\RemoteServerNameOrIP\d$\apache-tomcat-6.0.20\apache-tomcat-7.0.30\bin\
And then execute:
psexec \\RemoteServerNameOrIP d:\apache-tomcat-6.0.20\apache-tomcat-7.0.30\bin\shutdown.bat
Note: filepath for psexec is path to file on remote server, not your local.
You can use WMIC or SCHTASKS (which means no third party software is needed):
SCHTASKS:
SCHTASKS /s remote_machine /U username /P password /create /tn "On demand demo" /tr "C:\some.bat" /sc ONCE /sd 01/01/1910 /st 00:00
SCHTASKS /s remote_machine /U username /P password /run /TN "On demand demo"
WMIC (wmic will return the pid of the started process)
WMIC /NODE:"remote_machine" /user:user /password:password process call create "c:\some.bat","c:\exec_dir"
If you are in same WORKGROUP shutdown.exe /s /m \\<target-computer-name> should be enough shutdown /? for more, otherwise you need software to connect and control the target server.
UPDATE:
Seems shutdown.bat here is for shutting down apache-tomcat.
So, you might be interested to psexec or PuTTY: A Free Telnet/SSH Client
As native solution could be wmic
Example:
wmic /node:<target-computer-name> process call create "cmd.exe c:\\somefolder\\batch.bat"
In your example should be:
wmic /node:inidsoasrv01 process call create ^
"cmd.exe D:\\apache-tomcat-6.0.20\\apache-tomcat-7.0.30\\bin\\shutdown.bat"
wmic /? and wmic /node /? for more
With all the new security updates from Microsoft in the latest operating systems it is becoming more and more difficult to connect and execute scripts remotely. PsExec is one tool that helps you to connect a windows host from another windows host and execute command(s) or a script. Limitation of this tool is that it will execute the command(s) or a script, but it will not print the execution details. It will only return the process id.
C:\apps\tools\psexec \\%RemoteHostName% -u %Domain%\%userName% -p %userPassword% -accepteula -d -h -i 1 cmd.exe /c "cd C:\apps\test\ & echo Hello World" & call C:\apps\test\script.bat
While I would recommend against this.
But you can use shutdown as client if the target machine has remote shutdown enabled and is in the same workgroup.
Example:
shutdown.exe /s /m \\<target-computer-name> /t 00
replacing <target-computer-name> with the URI for the target machine,
Otherwise, if you want to trigger this through Apache, you'll need to configure the batch script as a CGI script by putting AddHandler cgi-script .bat and Options +ExecCGI into either a local .htaccess file or in the main configuration for your Apache install.
Then you can just call the .bat file containing the shutdown.exe command from your browser.
I am trying to use a windows batch script that uses PsExec to execute commands on a remote machine. Periodically it has "invalid handle" and the script then fails.
The script has not altered or indeed either machine.
Does anybody know why this happens as sometimes the scripts runs without a hitch.
Alternatively does anybody know how to run a script on a machine as the local user for that machine with a more reliable technology.
PS Sometimes the first PsExec works and the others fail.
EDIT
The script is just on line (apart from setting the appropriate variables)
PsExec %HOSTNAME% -I -u %USERNAME% -p %PASSWORD% CMD /C RMDIR /S /Q e:\SomeDir
This sometimes works but sometimes fails with "invalid handle"
You need to debug the situation.
You have a script, then something (what is Jenkins?) launch it on a remote PC, sometime it works, sometime it fail.
Is it deterministic?
When it fail does it always fail?
How does it fail?
You need to acquire better knowledge of how/when the script fail.
Here is what I would do to gather better understanding of these fails.
Can you run the script multiple time?
From the comments it seem that you run the script every hours, can you run it 3/4/5 time in a row, for each hours?
This will help you to determine how it fail: if you run it 5 time, does it works every time? it it fail, does it fail 5 times in a row?
Can you try to use different script?
You can create some more similar, but simpler, scripts.
So you can try your script with the RMDIR, then another script with a simple DIR command (just to se if the script launching/connection mechanism works) then another script with a simple ECHO command (so it doesent need to access any files/folder)
Run debug scripts on the local PC
Then, you can simultaneously run other scripts that run on the LOCAL PC (not the remote one where you need to execute the RMDIR) that try to access the remote PC, with a PING, or by copying a file from/to a network share...
Sniff the network
You can even set up a Wireshark instance that log all the packet sent between the 2 PC, this can be helpful to analyse/exclude networking issue.
You clearly need to track/log everything.
With this kind of information maybe you/we can have a better understanding of where the issue is.
=====================================
UPDATE 1 - Record some log
=====================================
Maybe you can try to use the following modified scripts to have some log files.
These script will create 2 log files, one on the remote PC (containing the message of the remotely executed command) and one on the local PC (containing any message from PsExec)
(you'll need to tweak the path where the log file are saved)
psexec %HOSTNAME% -I -u %USERNAME% -p %PASSWORD% CMD /C "RMDIR /S /Q e:\SomeDir >>c:\RemoteComputer.log 2>&1" >>c:\LocalComputer.log 2>&1
or the following one without the /I
Are you sure you need the /I parameters for CMD? On my Pc it doesn't works if I use the /I parameters...
psexec %HOSTNAME% -u %USERNAME% -p %PASSWORD% CMD /C "RMDIR /S /Q e:\SomeDir >>c:\RemoteComputer.log 2>&1" >>c:\LocalComputer.log 2>&1
After some testing on my PCs, I've seen that PsExec install a service on the remote PC to run the command remotely. (It's called PsExecSvc.exe, installed in c:\windows\ on the WinXP PC I'm using for this test)
The remote installation/uninstallation of this temporary service for the command execution can surely be one of the possible "failure point" that generate the error.
If this is the case, then you should be able to track this down by looking at the LocalComputer.log, that will contain the message/error from PsExec.
As stated in my previous advice, I would also try to schedule simpler script like
psexec %HOSTNAME% -u %USERNAME% -p %PASSWORD% CMD /C "dir c:\ >>c:\RemoteComputerDir.log 2>&1" >>c:\LocalComputerDir.log 2>&1
and
psexec %HOSTNAME% -u %USERNAME% -p %PASSWORD% CMD /C "echo SuperEchoTest >>c:\RemoteComputerEcho.log 2>&1" >>c:\LocalComputerEcho.log 2>&1
===================================
UPDATE 2 - Try to use WMI
===================================
You can try to run the remote command by using WMI
wmic /node:%HOSTNAME% /user:%USERNAME% /password:%PASSWORD% process call create "CMD /C RMDIR /S /Q e:\SomeDir"
When you use WMI you need to be sure that windows firewall is not blocking your command. (when I tried to run a remote command with WMIC the windows firewall notification popped up on my Win 7 PC)
(I've the instruction to use WMIC here)
Yes, there is a more reliable technology for executing commands on a remote machine and is called powershell. For example, you can run :
test-connection -computername server01, server02, server12
pings from local computer to several remote computers.
Another very useful command is:
invoke-command -filepath c:\scripts\test.ps1 -computerName Server01
runs the Test.ps1 script on the Server01 computer.
A tutorial gives several examples on how to Run PowerShell Commands on Remote Computers.
A different technology can be found mimicking the Linux world, and using ssh. It's very common with clusters and I have personally used it with Windows Server 2008 R2, so I don't expect any difference on windows 7.
This task is commonly performed with ssh and password-less public key authentication. With it, the only needed information is the IP of the remote server and the public key of the client, stored on the server: only the client with the corresponding private key can connect to it (the keys must be created with ssh-keygen, on the client. The public key is copied to the server)
The server must have the TCP port 22 accessible from outside, in case there are firewalls, NATs,...
In my case I used the ssh server included in Windows SUA, but I suggest you forget them (they are deprecated, and quite cumbersome actually) and give a try to the OpenSSH cygwin server, sshd - even if not officially Microsoft, there is a large community supporting it at least - and occasionally I have used it reliably.
The client ssh command is included in SUA, in cygwin, or you can use putty if you want a lightweight solution on the client (not that cygwin is heavy - just the burden of having a sort of linux emulation that's not needed)
Giving a search for example I have found this post, explaining well the needed steps.