winrs reg query works but reg query hostname does not - batch-file

I am trying to verify that the usbstor driver is set to disabled on a remote machine in my domain in a vbscript but I'm having issues. I've turned to troubleshooting from the command line.
Using plain old reg query fails.
reg query \\hostname\hklm\system\currentcontrolset\services\usbstor /v start
ERROR: The network path was not found.
But if I run essentially the same command with winrs, it works fine.
winrs -r:hostname reg query hklm\system\currentcontrolset\services\usbstor /v start
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\usbstor
start REG_DWORD 0x4
Both commands work fine on other computers. What gives with this one?
Regardless of the computer I'm running the commands against, I open the firewall with this command:
winrs -r:hostname netsh advfirewall firewall set rule
group="Windows Management Instrumentation (WMI)" new enable=yes

The service RemoteRegistry is not running (or not accessible) on the remote host. You should be able to start it like this:
sc \\hostname config RemoteRegistry start= auto
sc \\hostname start RemoteRegistry
If the service is running but still not accessible, check that the Windows Firewall allows RPC.

Related

enabling local group policy through script

We are experiencing some problems when signing in to Onedrive, we found a fix with a policy. Now I want to make a script to deploy it to other customers.
I tried adding a key to te registry to enable te policy:
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002" /v Functions /t REG_SZ /d TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_NULL_SHA256,TLS_RSA_WITH_NULL_SHA,TLS_PSK_WITH_AES_256_GCM_SHA384,TLS_PSK_WITH_AES_128_GCM_SHA256,TLS_PSK_WITH_AES_256_CBC_SHA384,TLS_PSK_WITH_AES_128_CBC_SHA256,TLS_PSK_WITH_NULL_SHA384,TLS_PSK_WITH_NULL_SHA256
However, when I run this script, it doesn't enable the policy in gpedit.msc.
Am I doing something wrong?

Batch file Proxy Setting Disable not working Win 10

The following line of script from a Batch file works fine in Win 7 and successfully disables the proxy setting in IE, but when i have tried it on Win 10 it dosnt work the proxy setting in unaffected, any ideas why?
UAC is auto elevated as per UAC so admin privileges is not an issue.
i have checked with regedit and the HKCU directory seems to be the same path on both.
echo LAN Settings - Proxy Setting *Disable*
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" ^ /v ProxyEnable /t REG_DWORD /d 0 /f
IE > Internet Options > Connections > LAN Settings

Running remote batch in elevated command

I have a windows service install batch file in a remote computer (Install.cmd).
When I run it as administrator, it works just fine.
But when I run a script (RemoteInstall.cmd) that run the remote install script, it complete all the steps beside start running.
From my computer -- RemoteInstall.cmd script:
START /WAIT clusrun /scheduler:RemotePc /nodes:RemotePc /user:Administrator /password:MyPass \\RemotePc\D$\Service\Install.cmd
On server -- Install.cmd script:
%WinDir%\Microsoft.NET\Framework\v4.0.30319\installutil MyService.exe
sc config "MyService" start= auto
sc config "MyService" obj= ".\Administrator" password= "MyPass"
sc failure "MyService" actions= restart/10000/restart/10000/restart/10000 reset= 86400
net start MyService
The last command returns errorlevel=2 when I run it from remote, while all the rest return errorlevel=0 if I run it locally or from remote.
Same error occurs when I use sc instead of net.
How can I make it work?

PsExec and invalid handles

I am trying to use a windows batch script that uses PsExec to execute commands on a remote machine. Periodically it has "invalid handle" and the script then fails.
The script has not altered or indeed either machine.
Does anybody know why this happens as sometimes the scripts runs without a hitch.
Alternatively does anybody know how to run a script on a machine as the local user for that machine with a more reliable technology.
PS Sometimes the first PsExec works and the others fail.
EDIT
The script is just on line (apart from setting the appropriate variables)
PsExec %HOSTNAME% -I -u %USERNAME% -p %PASSWORD% CMD /C RMDIR /S /Q e:\SomeDir
This sometimes works but sometimes fails with "invalid handle"
You need to debug the situation.
You have a script, then something (what is Jenkins?) launch it on a remote PC, sometime it works, sometime it fail.
Is it deterministic?
When it fail does it always fail?
How does it fail?
You need to acquire better knowledge of how/when the script fail.
Here is what I would do to gather better understanding of these fails.
Can you run the script multiple time?
From the comments it seem that you run the script every hours, can you run it 3/4/5 time in a row, for each hours?
This will help you to determine how it fail: if you run it 5 time, does it works every time? it it fail, does it fail 5 times in a row?
Can you try to use different script?
You can create some more similar, but simpler, scripts.
So you can try your script with the RMDIR, then another script with a simple DIR command (just to se if the script launching/connection mechanism works) then another script with a simple ECHO command (so it doesent need to access any files/folder)
Run debug scripts on the local PC
Then, you can simultaneously run other scripts that run on the LOCAL PC (not the remote one where you need to execute the RMDIR) that try to access the remote PC, with a PING, or by copying a file from/to a network share...
Sniff the network
You can even set up a Wireshark instance that log all the packet sent between the 2 PC, this can be helpful to analyse/exclude networking issue.
You clearly need to track/log everything.
With this kind of information maybe you/we can have a better understanding of where the issue is.
=====================================
UPDATE 1 - Record some log
=====================================
Maybe you can try to use the following modified scripts to have some log files.
These script will create 2 log files, one on the remote PC (containing the message of the remotely executed command) and one on the local PC (containing any message from PsExec)
(you'll need to tweak the path where the log file are saved)
psexec %HOSTNAME% -I -u %USERNAME% -p %PASSWORD% CMD /C "RMDIR /S /Q e:\SomeDir >>c:\RemoteComputer.log 2>&1" >>c:\LocalComputer.log 2>&1
or the following one without the /I
Are you sure you need the /I parameters for CMD? On my Pc it doesn't works if I use the /I parameters...
psexec %HOSTNAME% -u %USERNAME% -p %PASSWORD% CMD /C "RMDIR /S /Q e:\SomeDir >>c:\RemoteComputer.log 2>&1" >>c:\LocalComputer.log 2>&1
After some testing on my PCs, I've seen that PsExec install a service on the remote PC to run the command remotely. (It's called PsExecSvc.exe, installed in c:\windows\ on the WinXP PC I'm using for this test)
The remote installation/uninstallation of this temporary service for the command execution can surely be one of the possible "failure point" that generate the error.
If this is the case, then you should be able to track this down by looking at the LocalComputer.log, that will contain the message/error from PsExec.
As stated in my previous advice, I would also try to schedule simpler script like
psexec %HOSTNAME% -u %USERNAME% -p %PASSWORD% CMD /C "dir c:\ >>c:\RemoteComputerDir.log 2>&1" >>c:\LocalComputerDir.log 2>&1
and
psexec %HOSTNAME% -u %USERNAME% -p %PASSWORD% CMD /C "echo SuperEchoTest >>c:\RemoteComputerEcho.log 2>&1" >>c:\LocalComputerEcho.log 2>&1
===================================
UPDATE 2 - Try to use WMI
===================================
You can try to run the remote command by using WMI
wmic /node:%HOSTNAME% /user:%USERNAME% /password:%PASSWORD% process call create "CMD /C RMDIR /S /Q e:\SomeDir"
When you use WMI you need to be sure that windows firewall is not blocking your command. (when I tried to run a remote command with WMIC the windows firewall notification popped up on my Win 7 PC)
(I've the instruction to use WMIC here)
Yes, there is a more reliable technology for executing commands on a remote machine and is called powershell. For example, you can run :
test-connection -computername server01, server02, server12
pings from local computer to several remote computers.
Another very useful command is:
invoke-command -filepath c:\scripts\test.ps1 -computerName Server01
runs the Test.ps1 script on the Server01 computer.
A tutorial gives several examples on how to Run PowerShell Commands on Remote Computers.
A different technology can be found mimicking the Linux world, and using ssh. It's very common with clusters and I have personally used it with Windows Server 2008 R2, so I don't expect any difference on windows 7.
This task is commonly performed with ssh and password-less public key authentication. With it, the only needed information is the IP of the remote server and the public key of the client, stored on the server: only the client with the corresponding private key can connect to it (the keys must be created with ssh-keygen, on the client. The public key is copied to the server)
The server must have the TCP port 22 accessible from outside, in case there are firewalls, NATs,...
In my case I used the ssh server included in Windows SUA, but I suggest you forget them (they are deprecated, and quite cumbersome actually) and give a try to the OpenSSH cygwin server, sshd - even if not officially Microsoft, there is a large community supporting it at least - and occasionally I have used it reliably.
The client ssh command is included in SUA, in cygwin, or you can use putty if you want a lightweight solution on the client (not that cygwin is heavy - just the burden of having a sort of linux emulation that's not needed)
Giving a search for example I have found this post, explaining well the needed steps.

sql server installation errors regarding WMI service

I am trying to install SQL Server 2008 and during the pre requisite check its always fails on
WMI service "Failed".
I went to the event viewer and found this error in there.
"Failed to Initialize WMI Core or Provider SubSystem or Event SubSystem with error number 0x80040154. This could be due to a badly installed version of WMI, WMI repository upgrade failure, insufficient disk space or insufficient memory."
I know there is a lot of space available in my hard drive. Also i tried a few things after googling like WMIFIX.bat file. The file ran fine but did not fix the problem.
Has anyone had this problem? If so do you have a solution?
if you have a domain so Run this Command with administrator Privilege
you can copy this Command and Past in Notbat with .bat extention. and run them.
Rundll32 setupapi,InstallHinfSection Ndi-Steelhead 132 %windir%\inf\netrass.inf
Netsh firewall reset
sc config SharedAccess obj= LocalSystem password= "" type= interact type= own
sc config RpcSs obj= LocalSystem password= "" type= interact type= own
sc config RpcLocator obj= LocalSystem password= "" type= interact type= own
sc config winmgmt obj= LocalSystem password= "" type= interact type= own
sc config Wmi obj= LocalSystem password= "" type= interact type= own
net start winmgmt
net start Wmi
net start RpcSs
net start RpcLocator
net start WmiApSrv
netsh firewall add portopening TCP 135 "Open Port 135"
netsh firewall add portopening TCP 445 "Open Port 445"
netsh firewall add portopening TCP 139 "Open Port 139"
netsh firewall set opmode mode=DISABLE
shutdown /r
if your problem did not solve you Can execute this Command in Command Prompt with admin privilege.. you can just copy and paste them in notepad and rename it with .bat extention an run the file..
net stop winmgmt
C:
cd %systemroot%\system32\wbem
rd /S /Q repository
regsvr32 /s %systemroot%\system32\scecli.dll
regsvr32 /s %systemroot%\system32\userenv.dll
mofcomp cimwin32.mof
mofcomp cimwin32.mfl
mofcomp rsop.mof
mofcomp rsop.mfl
for /f %%s in ('dir /b /s *.dll') do regsvr32 /s %%s
for /f %%s in ('dir /b *.mof') do mofcomp %%s
for /f %%s in ('dir /b *.mfl') do mofcomp %%s
echo DONE reboot
pause
just it and have a good day !!!!!
Run the WMI Diag Utility. Here are the instructions how to do this:
Download WMIDiag.
To run the WMIDiag tool:
1. Open a command prompt window.
(Use "Run As Administrator", if applies to your Operating System version)
2. Navigate to the wmidiag folder that was created when you ran Wmidiag.exe.
3. Type cscript wmidiag.vbs.
View what the output of that is and post what it says. That'll give you a better indication of what's happening.
Here is a reference for the above instructions.
I faced this issue when I tried to install SQL Express
For me, following steps worked out which I referred from http://mikeymurph.me/fix-wmi-service-error/
Run the following in Powershell in Administrator mode
PS C:\Windows\system32> winmgmt /verifyrepository
WMI repository verification failed
Error code: 0x80041002
Facility: WMI
Description: Not found
PS C:\Windows\system32> Winmgmt /resetrepository
WMI repository has been reset
Now try to install SQL Server again.

Resources