I have to invoke a script through psexec which involves using an username that has hyphens in it. Unfortunately, the command does not work and does not throw any understandable error message. It just shows me how I should be using psexec i.e., various arguments and what they stand for.
My command goes something like this -
psexec.exe \\hostname -u domain\user-name-acct -p passwd -i 2 <script>
I am almost certain that hyphen is the culprit since I am able to invoke the same script by using a username that does not have hyphens. The account has admin privileges on the VM. Before I ask them to create / edit the username not to have hyphens, I just want to make sure that there is no way to run such commands.
Update - Command Result
PsExec v2.11 - Execute processes remotely
Copyright (C) 2001-2014 Mark Russinovich
Sysinternals - www.sysinternals.com
PsExec executes a program on a remote system, where remotely executed console
applications execute interactively.
Usage: psexec [\\computer[,computer2[,...] | #file]][-u user [-p psswd][-n s][-r servicename][-h][-l][-s|-e][-x][-i [session]][-c [-f|-v]][-w directory][-d][-<priority>][-a n,n,...] cmd [arguments]
-a Separate processors on which the application can run with
commas where 1 is the lowest numbered CPU. For example,
to run the application on CPU 2 and CPU 4, enter:
"-a 2,4"
-c Copy the specified program to the remote system for
execution. If you omit this option the application
must be in the system path on the remote system.
-d Don't wait for process to terminate (non-interactive).
-e Does not load the specified account's profile.
-f Copy the specified program even if the file already
exists on the remote system.
-i Run the program so that it interacts with the desktop of the
specified session on the remote system. If no session is
specified the process runs in the console session.
-h If the target system is Vista or higher, has the process
run with the account's elevated token, if available.
-l Run process as limited user (strips the Administrators group
and allows only privileges assigned to the Users group).
On Windows Vista the process runs with Low Integrity.
-n Specifies timeout in seconds connecting to remote computers.
-p Specifies optional password for user name. If you omit this
you will be prompted to enter a hidden password.
-r Specifies the name of the remote service to create or interact.
with.
-s Run the remote process in the System account.
-u Specifies optional user name for login to remote
computer.
-v Copy the specified file only if it has a higher version number
or is newer on than the one on the remote system.
-w Set the working directory of the process (relative to
remote computer).
-x Display the UI on the Winlogon secure desktop (local system
only).
-priority Specifies -low, -belownormal, -abovenormal, -high or
-realtime to run the process at a different priority. Use
-background to run at low memory and I/O priority on Vista.
computer Direct PsExec to run the application on the remote
computer or computers specified. If you omit the computer
name PsExec runs the application on the local system,
and if you specify a wildcard (\\*), PsExec runs the
command on all computers in the current domain.
#file PsExec will execute the command on each of the computers listed
in the file.
cmd Name of application to execute.
arguments Arguments to pass (note that file paths must be
absolute paths on the target system).
-accepteula This flag supresses the display of the license dialog.
You can enclose applications that have spaces in their name with
quotation marks e.g. psexec \\marklap "c:\long name app.exe".
Input is only passed to the remote system when you press the enter
key, and typing Ctrl-C terminates the remote process.
If you omit a user name the process will run in the context of your
account on the remote system, but will not have access to network
resources (because it is impersonating). Specify a valid user name
in the Domain\User syntax if the remote process requires access
to network resources or to run in a different account. Note that
the password and command is encrypted in transit to the remote system.
Error codes returned by PsExec are specific to the applications you
execute, not PsExec.
I do not have a windows box to test my hypothesis on, but I believe you would enclose the domain\user-name in either single or double quotes:
psexec.exe \\hostname -u "domain\user-name-acct" -p passwd -i 2 <script>
or possibly:
psexec.exe \\hostname -u 'domain\user-name-acct' -p passwd -i 2 <script>
However, I would be leaning toward the double quotes..
Also, if this does not resolve your issue, perhaps post the errors, even if they are nonsense to you, they may mean something to others.
HTH
Related
My batch file that I created to stop and then start windows service won't run and throws back an error
Each time I run the file as Admin (I am the only user that's on this machine and the account is an admin account).
I have tested my batch file on its own and not in task scheduler and it works perfectly fine when I run the batch file as admin. However, it falls over when I try set up a daily task on Task Scheduler.
I have a simple batch file that stops and starts a service. for reference this is what it looks like:
Net Stop "StorSvc"
Net Start "StorSvc"
I have run this as admin and it worked fine. I then created a task to do this daily at a certain time. I placed the file in C: Drive and attached the file to my task scheduler.
On the security options I have ticked
"Run whether user is logged on or not"
"Run with the highest privileges"
I have changed the "When running the task use the following user account" to my account, Systems and other admin options that show up. I even selected "System"
When I click ok it prompts me to sign in to the admin account. when I do this it says
"An error has occurred for task StorSvc" Error message. One or more of the specified arguments are not valid"
All of the last run results are as listed below:
0x800710E0
0x41303
0x2
I have had better success with sc.exe for controlling services via batch file.
For your situation this should work:
sc.exe stop StorSvc
sc.exe start StorSvc
If that still gets credential issues you could include PsExec.exe like this:
psexec.exe -u <user> -p <password> -c "sc.exe stop StorSvc"
psexec.exe -u <user> -p <password> -c "sc.exe start StorSvc"
I'm pretty new to batch scripting.
I was looking for a simple way to start an executable on several remote computers.
What I have come up with, until now, is to make a batch file which calls psexec for all machines on the network, but it seems I can make it work for one computer only. I have two versions of the psexec part of the script:
FIRST VERSION
psexec -i \\PC-IP -u "xxxxx" -p "yyyyy" "C:\XXXXXXXX\my_executable.exe"
this is the very simple instruction I thought I should use for all the machines in the network. unfortunately, it works on the first computer but then, it opens a remote cmd, as far as I understood, and I don't know how to exit from it, to go to the next psexec.
SECOND VERSION
psexec -d \\PC-IP -u "xxxxx" -p "yyyyy" "C:\XXXXXXXX\my_executable.exe"
this is a variation of the first version, where I try to run the exec not interactively, so as not to be blocked and go on with the other instructions. This doesn't work, with the following error:
Logon failure: the user has not been granted the requested logon type
at this computer
can someone help me understand what I'm doing wrong?
thank you in advance.
I solved this problem.
The program was actually being started, but it was "stuck" as if waiting for something, and my batch script wasn't moving forward. Turns out, the program being started on first computer wasn't listed among the current session user's running programs (i.e. from task manager, the program was listed on the "Processes" tab, but not on the "Users" tab, under the logged in user).
To actually make it run properly (in my case, my executable would open a GUI), the proper psexec command was:
psexec -accepteula -i 1 -d \\COMPUTER_NAME -u "COMPUTER_NAME\xxxx" -p "yyyy" "C:\xxxxxxx\my_executable.exe"
where "1" indicates the ID of the user "xxxx" current session.
With this the GUI showed up, the script moved on and I could execute the program everywhere on the network.
I'm still not sure why I had to add both -i and -d (I thought that either I used one, or the other).
Can logoff or sing out a special user in domain from server via batch file?
like : shutdown -r -m \\target computer
If it's going to run via batch file, you have to authenticate first, so I assume you have the credentials for that specific user/domain admin user, so I'd recommend using wmic.exe(using RPC):
wmic /node:"ServerHostname" /user:"DomainName\DomainAdmin" /password:"DomainAdminPass" process call create "shutdown -l -t 0"
There are many other ways to do this in a domain like performing a "net use" to authenticate and than creating and running a service via sc.exe or at.exe/authenticating via schtasks.exe and creating a schedule tasks that can run remotely.
I am trying figure out how to run an application on local pc and then on my second pc both are at my home network, I am using several applications which merge together by entering second pc ip, so i though if i can anyway do something like
my spec: local 10.0.0.1
and second pc 10.0.0.4
need to run from my local
#echo off
start "" "C:\TEST\TESTAPP.EXE"
start 10.0.0.4 "C:\TEST2\TESTAPP.EXE" <-- just need find a way how to do this
didnt found anything regarding start command and ip address specified maybe it couldnt be achieved with bat script?
thanks everyone for any helpful response and sorry if its just dumb question
If I understand correctly you are trying to start a script on machine B from machine A. If this is correct I would recommend using PSExec from Sysinternals Suit.
Example
Psexec.exe \\<computername or ip> -u username -p password C:\ProgramToRun.exe
PSExec help file from http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
Using PsExec
Usage: psexec [\\computer[,computer2[,...] | #file]][-u user [-p psswd][-n s][-r servicename][-h][-l][-s|-e][-x][-i [session]][-c [-f|-v]][-w directory][-d][-<priority>][-a n,n,...] cmd [arguments]
-a Separate processors on which the application can run with commas where 1 is the lowest numbered CPU. For example, to run the application on CPU 2 and CPU 4, enter: "-a 2,4"
-c Copy the specified program to the remote system for execution. If you omit this option the application must be in the system path on the remote system.
-d Don't wait for process to terminate (non-interactive).
-e Does not load the specified account’s profile.
-f Copy the specified program even if the file already exists on the remote system.
-i Run the program so that it interacts with the desktop of the specified session on the remote system. If no session is specified the process runs in the console session.
-h If the target system is Vista or higher, has the process run with the account's elevated token, if available.
-l Run process as limited user (strips the Administrators group and allows only privileges assigned to the Users group). On Windows Vista the process runs with Low Integrity.
-n Specifies timeout in seconds connecting to remote computers.
-p Specifies optional password for user name. If you omit this you will be prompted to enter a hidden password.
-r Specifies the name of the remote service to create or interact with.
-s Run the remote process in the System account.
-u Specifies optional user name for login to remote computer.
-v Copy the specified file only if it has a higher version number or is newer on than the one on the remote system.
-w Set the working directory of the process (relative to remote computer).
-x Display the UI on the Winlogon secure desktop (local system only).
-priority Specifies -low, -belownormal, -abovenormal, -high or -realtime to run the process at a different priority. Use -background to run at low memory and I/O priority on Vista.
computer Direct PsExec to run the application on the remote computer or computers specified. If you omit the computer name, PsExec runs the application on the local system, and if you specify a wildcard (\\*), PsExec runs the command on all computers in the current domain.
#file PsExec will execute the command on each of the computers listed in the file.
cmd Name of application to execute.
arguments Arguments to pass (note that file paths must be absolute paths on the target system).
-accepteula This flag suppresses the display of the license dialog.
I have a Server 2008 R2 Standard. I need to execute a batch-file using psexec from my PC Win7. The only time this worked is when i disabled the UAC on my server. Deactivating the UAC is out of the question, I'm looking for a solution with UAC enabled.
Error message:
Could not start PSEXESVC service on remotehost:
Access denied.
PS: In my command line of psexec I'm using the administrator user of my server to execute the batch-file. The UAC level is 3 on my server.
Best regards,
Tasso
It took me hours to find a working way to PsExec between two Windows 7 computers with a non-Admin user starting PsExec.
Disabling UAC...
EnableLUA=0
ConsentPromptBehaviorAdmin=0
LocalAccountTokenFilterPolicy=1
...did not work, turning off the firewall did not work.
Here I found the working way - thanks JelmerS (PSexec is not connecting to machine using supplied username and password).
*This is because psexec still tries to access the ADMIN$ share with your local credentials, before executing your command as another user. According to this thread, you can cache credentials before executing psexec:
cmdkey.exe /add:MACHINE_NAME_HERE /user:MACHINE_NAME_HERE\Administrator /pass:PASSWORD_HERE
psexec.exe \\MACHINE_NAME_HERE -i notepad
cmdkey.exe /delete:MACHINE_NAME_HERE*
Best regards, Peter
It seems that running PsExec from a Win7/Win2K8 machine against a Win7/Win2K8 target, regardless of the "-u" and "-p" params on the PsExec command-line,those params are ignored and PsExec is being executed remotely with whatever user credentials we happen to be logged in locally with.
Even though you stating which user account to execute the command on the remote system it executes the psexec command as the user that opened the command window.
When opening the Command Prompt, please right click it and select 'run as Administrator'. Meanwhile, make sure the user has administrator privileges on target PC.
The only solution i see to offer is to use the "Runas" (with the account you will need on the remote system) command to execute PsExec and forget the -u -p params.
In command prompt, you can try as,
echo "password" > pwd
runas /env /netonly /user:domain\Administrator "psexec.exe your_local_program.bat" < pwd
del pwd
Or just:
echo password | runas /env /netonly /user:domain\Administrator "psexec.exe your_local_program.bat"
Moreover....
Don't forget to check your Anti-virus which frequently blocks several of the PStools.