JazzM
(Getting the hang of it)
2006-05-23 04:09 PM
Executing batch files on remote client

Hey,

I know remote execution has been discussed a lot in the forum. I have seen udf’s RemoteExec() and fnRemoteExec()…

So I decided to use the methods to execute commands on a remote client.
Something like Radimus’s REM. Some remote DOS console which could execute commands on the remote machine.
Due to the fact remoteexec process has no network permissions, I followed the suggestion to include the commands in a batch file, copy it to the remote machine and then execute the batch file using remoteexec.

The Environment is W2K Sp4 on both local and remote client.
Same user with local admin right is logged on both clients.
Clients are members of an AD domain.
The Kix 4.52

Code:


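$computer = "172.60.10.10"
$RemotePath = "\\172.60.10.10\C$\Winnt\Temp\"

; Push the batch file to the remote machine's admin share
Copy "C:\Script\dir.bat" $RemotePath /C

sleep 3

$rc = RMTEXEC($computer, 'C:\Winnt\Temp\dir.bat')

; Start $command on $computer through WMI (Win32_Process.Create)
Function RMTEXEC($computer, $command)
Dim $Connect, $err
$Connect = GetObject("winmgmts:{impersonationLevel=impersonate}!//$computer/root/cimv2:Win32_Process")
$RMTEXEC = $Connect.Create($Command)
; Keep the error code, release the object, then return the code
$err = @error
$Connect = 0
Exit $err
EndFunction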




Well, the batch file was copied, but nothing seems to happen after that.
I was hoping a CMD window would pop up on the remote client and perform the contents of the batch file.

What could be wrong or missing?


Björn
(Korg Regular)
2006-05-23 04:23 PM
Re: Executing batch files on remote client

it runs within the system-account, and therefore nothing pops up.

JazzM
(Getting the hang of it)
2006-05-23 04:32 PM
Re: Executing batch files on remote client

OK,

Now I changed the RMTEXEC with fnRemoteExec and provided domain user and password.

Code:


$rc = fnRemoteExec('C:\Winnt\Temp\dir.bat', $computer, $User , $Passwd)




Function fnRemoteExec($sCommand,Optional $sComputer,Optional $sUser,Optional $sPwd)
Dim $objLocator,$objSvc,$objSet
$objLocator = CreateObject("WbemScripting.SwbemLocator")
$objSvc = IIf($sComputer='',$objLocator.ConnectServer(),$objLocator.ConnectServer($sComputer,,$sUser,$sPwd))
If @ERROR Exit @ERROR EndIf
$objSet = $objSvc.Get("Win32_Process")
If @ERROR Exit @ERROR EndIf
$fnRemoteExec = $objSet.Create($sCommand)
Exit @ERROR
EndFunction





Should this work? Cause it doesn’t!
Same behavior, no action nothing happens.

If I want it to pop up, what should I do then?


JazzM
(Getting the hang of it)
2006-05-23 05:51 PM
Re: Executing batch files on remote client

Seems that I missed something..
I found this comment by Radimus:

The remoteExec acct is SYSTEM, so it has local admin, but doesn't interact with the user at all ...
If you want a method of starting apps or files remotely in the user context, the best bet is to make a client script that starts from STARTUP or HKCU\...\run (runs as current user) that monitors a special folder, where you can remotely push commands / scripts

If I have understood this right it means that the RemoteExe is limited to some local & silent commands... like "net send".

If so, then is it possible to remotely change/create a process on remote client to interact with user/desktop, and then use the remotexe?

Could you explain what/how this means, any sample?
"...that monitors a special folder, where you can remotely push commands / scripts"


JazzM
(Getting the hang of it)
2006-05-24 12:25 PM
Re: Executing batch files on remote client

Appreciate if someone could pay attention to this…

Radimus
(KiX Supporter)
2006-05-24 01:04 PM
Re: Executing batch files on remote client

what you would want to do is make a "special folder" on the user's machine.

make a script that is launched from HKCU\..\run on the user's pc that monitors that folder for the presence of a specifically named bat file (pushed.bat or whatever). If exist, run the bat then delete the contents of the special folder.


JazzM
(Getting the hang of it)
2006-05-24 02:57 PM
Re: Executing batch files on remote client

Ok, I got it. Although it’s not a remote execution procedure.

Radimus your comment that the RemotExe() udf is limited to local & silent commands...

Is there any list of which command could be performed by remotexe() udf?


Radimus
(KiX Supporter)
2006-05-24 06:10 PM
Re: Executing batch files on remote client

it can do any command. The issue is whether the command requires interaction, which it cannot receive nor will the current user see or interact with it. If you are passing a name and password, it can have access to network resources, otherwise the resources must be local.

When you remoteexec, it is then running in a separate user context and as such will have its own environment (think of a terminal server session).

The issue is what you are trying to make it do.

To be of more help, what is it that you are trying to do?

Are you trying to make the user respond to a prompt of some sort? Or are you trying to run a command that requires input from the user?


JazzM
(Getting the hang of it)
2006-05-25 04:10 AM
Re: Executing batch files on remote client

Glad to have your response Rad.

My early intention was to create a console which could remotely execute any DOS/Batch command on remote client.

This could be very useful. It could remotely execute setup or uninstalling procedure for software on remote client.

e.g. sending and executing this would run the uninstall for ASE

"C:\Program Files\iTripoli\AdminScriptEditor\unins000.exe"

Of course the uninstall window would pop up and the user has to choose to continue uninstalling or abort it.

Or deliver a batch file containing necessary data for software setup, then remotely execute the batch file on remote client.

Or creating a local account on remote client using “net localgroup”, adding it to local admin group etc…

Depending on what and how the remote execution is performed, it would require user response or input, or just run silently without the user noticing anything.

Appreciate your feedback!


Radimus
(KiX Supporter)
2006-05-25 04:39 AM
Re: Executing batch files on remote client

many of the installers today have silent switches for scripting purposes... for example MSI installers have uninstall commands in the uninstall key in HKLM\...\uninstall, append a "/q" or "/qb" to the cmd line and away it goes with no prompting.

So my point is, the remote execute works fine, it is the command that is executed that needs some work.


JazzM
(Getting the hang of it)
2006-05-25 07:34 PM
Re: Executing batch files on remote client

Ok, that’s what I’m trying to achieve.

I have done a simple test. Created a batch file containing the UninstallString from HKLM\...\uninstall:

MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}

This will generate the uninstall process for J2SE Runtime, which is installed on target machine.

I pushed the batch file to target machine C:\Winnt\Temp

Then I used remotexec to run the batch file remotely on that target machine.
If I understood your point, it won’t work because it wants to interact with user desktop on target. But it may work if it’s run silently using run MsiExec.exe "/q" or "/qb".

Or is it the batch file which must run under different circumstances?
How would you do to make it run on remote machine? Any samples?


NTDOC Administrator
(KiX Master)
2006-05-25 07:40 PM
Re: Executing batch files on remote client

Well looking here it would appear that others are having trouble silently removing JAVA as well.

http://forum.java.sun.com/thread.jspa?threadID=692662&messageID=4025805

Try searching Google or the Sun site to see if you can find any assistance on what command line to use.

It has nothing to do with KiXtart or the RemoteExec UDF, they can only run the items for you, but you need to find the correct code to do the silent non-interactive removal process.


JazzM
(Getting the hang of it)
2006-05-25 07:45 PM
Re: Executing batch files on remote client

Doc, thanks for your input.

That was only an example. I have tested this for other installed software too.
But same symptoms.

I also need to figure out the possible ways to execute CMD commands on remote machine.


NTDOC Administrator
(KiX Master)
2006-05-25 07:53 PM
Re: Executing batch files on remote client

Hi Jazz,

I think maybe you're not seeing the overall bigger picture here. The RemoteExec UDF does not support ANY command that requires user interaction either physically or visibly.

If you have a list of 10 software titles that you want to remove then you have to find the EXACT proper code to perform the removal silently otherwise it will not work.

If you want to have some type of interaction then you might be able to use the tools from http://www.sysinternals.com but unless you have someone sitting on the other side to work with you it wouldn't work either. That is the whole idea of doing remote work is that you can do it on your own without user intervention.

Now, something that you "might" be able to do is use RemoteExec to create an INTERACTIVE scheduled application. Again though that sort of defeats the purpose of doing a remote admin script in the first place. If you're going to need interactive then why not just manually do the removal on your own while you're at the desktop.
 


JazzM
(Getting the hang of it)
2006-05-25 08:21 PM
Re: Executing batch files on remote client

Thanks for your feedback Radimus and Doc.

I think/hope I have finally begun to understand the difference between interactive and non-interactive.
Once again I managed to make the subject unnecessarily complex to understand the main point correctly.

But happy that I’ve hopefully learned something about the difference between execution modes, and how it works.

Got to admit that I found the “Remote exec” and “Remote install/uninstall” from Rad’s SIM project very attractive and useful.

Just thought, wow remotely executing whatever on a remote client… But now I know what the condition is for such operations.

However, if I missed something, happy to receive more of your feedback.

BR


JazzM
(Getting the hang of it)
2006-05-25 08:27 PM
Re: Executing batch files on remote client

Btw, some time ago I did a quick test of sysinternals PSEXEC. That was to remotely log off a user... But I found using WMI more interesting...

Please do advise if you have done similar operations such as remote execution, installing/uninstalling using psexec.


Radimus
(KiX Supporter)
2006-05-25 08:51 PM
Re: Executing batch files on remote client

MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040} /q

msiexec.exe /update OUTLOOKff.msp /qb-!

WindowsMedia10-KB911565-x86-enu /passive

J2SE_Runtime5.0_Update1.msi /qb-! WEBSTARTICON=0 SYSTRAY=0 JAVAUPDATE=0 IEXPLORER=0 REBOOT=Suppress

msiexec /x $setup\ess\setup.msi /qb-!


JazzM
(Getting the hang of it)
2006-05-25 09:04 PM
Re: Executing batch files on remote client

Wow Rad,
That’s how the non-interactive silent mode could be executed remotely on remote machine. Have to test all these.

U R D Man


Radimus
(KiX Supporter)
2006-05-25 10:49 PM
Re: Executing batch files on remote client

http://www.msfn.org/board/index.php?s=b9c8e180627730363494a2b7c02aa3cc&showforum=80

http://www.msfn.org/board/index.php?showtopic=20502


JazzM
(Getting the hang of it)
2006-05-26 03:29 PM
Re: Executing batch files on remote client

Very useful links indeed, thanx a lot Rad….
The uninstall works very good, as it should….

I have one more silly Q:

Below will not work because the application to be installed on remote client is located on a network share.

Msiexec.exe /I \\Appserv\StandardApps\Acdsee\Acdess.msi /quiet

Will it work if the network share is mapped as network drive on remote machine?
Any suggestion/recommendations?


Lonkero Administrator
(KiX Master Guru)
2006-05-26 03:35 PM
Re: Executing batch files on remote client

how it will not work?
if you type it in start menu -> run, it doesn't work?


JazzM
(Getting the hang of it)
2006-05-26 03:46 PM
Re: Executing batch files on remote client

Yes of course it will work, if you run it manually on the remote machine….

I’m using RemoteExec to execute it remotely on a remote client.

Rad comment is: “If you are passing a name and password, it can have access to network resources; otherwise the resources must be local.”

So I’m trying to find how to execute it using remoteexec() on remote client


Lonkero Administrator
(KiX Master Guru)
2006-05-26 03:55 PM
Re: Executing batch files on remote client

k, you gave a username and password for it that has access to network?
and the error the udf returns is?


JazzM
(Getting the hang of it)
2006-05-26 04:30 PM
Re: Executing batch files on remote client

No error!
Returned 0

Code:


$computer = "172.60.10.10"
$User = "domain\clientadm"
$Passwd = "silentadm"


$rc = fnRemoteExec('MsiExec.exe /i \\Appserv\StandardApps\Acdsee\Acdess.msi /quiet', $computer, $User, $Passwd)

? $rc


Function fnRemoteExec($sCommand,Optional $sComputer,Optional $sUser,Optional $sPwd)
Dim $objLocator,$objSvc,$objSet
$objLocator = CreateObject("WbemScripting.SwbemLocator")
$objSvc = IIf($sComputer='',$objLocator.ConnectServer(),$objLocator.ConnectServer($sComputer,,$sUser,$sPwd))
If @ERROR Exit @ERROR EndIf
$objSet = $objSvc.Get("Win32_Process")
If @ERROR Exit @ERROR EndIf
$fnRemoteExec = $objSet.Create($sCommand)
Exit @ERROR
EndFunction





Radimus
(KiX Supporter)
2006-05-26 05:03 PM
Re: Executing batch files on remote client

I played hell trying to get it to access network resources remotely... and I couldn't get much love at all.

Therefore I push the files to remote machine and execute it 'local' on the remote PC


JazzM
(Getting the hang of it)
2006-05-26 05:27 PM
Re: Executing batch files on remote client

Ok, then not much love for me either …

So the result success conditions using RemoteExec() udf depends on:

- Commands which can be used in Silent and Non-Interactive mode.
- Commands that do NOT require or call for network resources.

Until Windows turns to Unix!


NTDOC Administrator
(KiX Master)
2006-05-26 09:54 PM
Re: Executing batch files on remote client

Sure you can do it now.

Push a tokenized script and batch file with Shawn's RUNNAS with an encrypted command to go out to the network and grab or run what you want, then when done delete those files.

All is hidden and silent so unless someone is actively snooping on the system the risk of locating or using the credentials is very low.
 


Les
(KiX Master)
2006-05-26 10:11 PM
Re: Executing batch files on remote client

Quote:

Push a tokenized script and batch file with Shawn's RUNNAS...



Now there is a huge security hole if I ever saw one!


Shawn Administrator
(KiX Supporter)
2006-05-27 12:14 AM
Re: Executing batch files on remote client

eh, someone spanking the runnas ?

Les
(KiX Master)
2006-05-27 12:22 AM
Re: Executing batch files on remote client

I don't know why DOC is pimping your RUNNAS for insecure use. It's fine for EXEs where you can apply the CRC check, but it does no good to check CRC on KiX32.exe and then let the hacker subvert the process by sub'ing out the script.
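
Added example (not part of any post in this thread, and not the RUNNAS tool's own check): the point made in the post above, that checking only the interpreter leaves the script free to be replaced, shown with pinned digests. SHA-256 stands in for the CRC, and the file names and the pin/verify helpers are hypothetical.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    """Digest a file in chunks so large binaries are handled too."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def pin(paths):
    """Record the expected digest of each file at packaging time."""
    return {p: sha256_file(p) for p in paths}


def verify(pinned):
    """Return the pinned files that are missing or no longer match."""
    return [p for p, digest in pinned.items()
            if not os.path.isfile(p) or sha256_file(p) != digest]


def demo():
    """Pin interpreter only vs. interpreter plus script, then swap the script."""
    with tempfile.TemporaryDirectory() as d:
        interpreter = os.path.join(d, "interpreter.bin")  # stand-in for the script host
        script = os.path.join(d, "task.script")           # stand-in for the pushed script
        with open(interpreter, "wb") as fh:
            fh.write(b"constructed interpreter bytes")
        with open(script, "wb") as fh:
            fh.write(b"run the approved installer")

        exe_only = pin([interpreter])                # check covers the host binary only
        exe_and_script = pin([interpreter, script])  # check covers everything that runs

        # The script is replaced after packaging; the interpreter is untouched.
        with open(script, "wb") as fh:
            fh.write(b"run something else")

        weak = [os.path.basename(p) for p in verify(exe_only)]
        strong = [os.path.basename(p) for p in verify(exe_and_script)]
        return weak, strong


if __name__ == "__main__":
    weak, strong = demo()
    print("interpreter-only check flags:", weak)
    print("interpreter+script check flags:", strong)
```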

NTDOC Administrator
(KiX Master)
2006-05-27 01:37 AM
Re: Executing batch files on remote client

Well you tell me who you have working there at your work Les who is sniffing and scanning his/her box 24/7 for remote access like that.

Potentially if someone knew you were going to do it maybe, in real life probably a million to one chance that someone would see or know it was happening.

If you're that paranoid you could even use a network account that was specific for that task and disable that account after using it to cut down the time window even, and remotely ACL the folder so that the user has DENY on it, but that is still being really PARANOID. But to each his or her own I suppose.

As with anything in life there are often risks and one has to judge for themselves what those risks are and if they're willing to take them.
 


Les
(KiX Master)
2006-05-27 02:38 AM
Re: Executing batch files on remote client

Quote:

Well you tell me who you have working there at your work Les who is sniffing and scanning his/her box 24/7 for remote access like that.



Me, myself and I... all three of us monitor all traffic on the WAN pipe.

I am not a domain admin and if a domain admin were exposing vulnerabilities like you propose, that would soon change because I would leverage the opportunity and elevate myself just to prove a point and to get someone fired.


JazzM
(Getting the hang of it)
2006-05-27 02:46 AM
Re: Executing batch files on remote client

Gotta admit with Doc... in this particular case, I’m more than willing to take the chance ...

So let’s do it. How can Shawn's RUNNAS help me?
I want to execute this remotely on a remote client (using RemoteExec() udf).

MsiExec.exe /i \\Appserv\StandardApps\Acdsee\Acdess.msi /quiet

Where do I get Shawn's RUNNAS?
What is a tokenized script?


Les
(KiX Master)
2006-05-27 02:55 AM
Re: Executing batch files on remote client

I don't see why you would need to RUNNAS KiX and a tokenized script anyway. Just RUNNAS the installer with the CRC check. Much safer.
Seek and you shall find RUNNAS.


Les
(KiX Master)
2006-05-27 03:02 AM
Re: Executing batch files on remote client

Eh, if you subscribe to DOC's security model, then you may as well just use PSExec and make it real easy.

JazzM
(Getting the hang of it)
2006-05-27 03:04 AM
Re: Executing batch files on remote client

I found the RUNNAS... reading the conversations... Seems that dear Les is into security even there...

Well I don’t need the RUNNAS the whole kix… I just need RUNNAS for this part of the script… But first I would like to understand what I’m doing, before doing… could be a good idea… hehehe


JazzM
(Getting the hang of it)
2006-05-27 03:10 AM
Re: Executing batch files on remote client

Ey don’t get me wrong ... It’s good to have security brains around which could from time to time remind us about the real world around...

But just for this particular case, I found the risk very low in the environment it will be used...

If dear Shawn has done a cool RUNNAS, then I certainly will test that instead of PSExec...


NTDOC Administrator
(KiX Master)
2006-05-27 03:43 AM
Re: Executing batch files on remote client

Quote:

Me, myself and I... all three of us monitor all traffic on the WAN pipe.






Okay, sure you do Les. It's like a needle in a haystack. If you have 1,000 machines plus servers and you think you can monitor the Gigabytes of traffic to that level then I think you've just elevated yourself to a GOD like status.

Sorry, but unless you wrote a for purpose monitor and knew when this was going to happen it's just impossible to know when a remote call is valid or not and what it's doing.

The point here is that Jazz and ONLY Jazz knows he is doing it and when he is doing it. It's not like another Admin or user has a sniffer or protocol analyzer running specifically looking for a packet that contains RUNNAS. Just not realistic for anyone to perform such a task out of the blue without prior knowledge.
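
Added example (not part of any post in this thread): the kind of purpose-built monitor the exchange above argues about, run over constructed process-creation records. It assumes command-line auditing is enabled and that WMI-created processes appear as children of WmiPrvSE.exe, as on current Windows versions; the field names, hosts and rule names are hypothetical.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Constructed records modelled on Windows process-creation auditing
# (Security event 4688 with command lines). Hosts and values are invented.
SAMPLE_EVENTS = [
    {"host": "PC-01", "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd /c c:\Winnt\Temp\msi.bat"},
    {"host": "PC-01", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Runnas.exe",
     "cmdline": r'runnas /user:domain\clientadm "MsiExec.exe /i '
                r'\\Appserv\StandardApps\Acdsee\Acdess.msi /quiet" '
                r"/password:EXAMPLE-ONLY /wait"},
    {"host": "PC-02", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r"notepad.exe C:\Users\someone\notes.txt"},
    {"host": "PC-03", "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r"MsiExec.exe /x {00000000-0000-0000-0000-000000000000} /q"},
]

# A password passed as a switch is readable in every process log.
PASSWORD_ARG = re.compile(r"(/(?:password|passwd|pwd)[:=])(\S+)", re.IGNORECASE)
# Script files started from a temp directory, e.g. a pushed batch file.
TEMP_SCRIPT = re.compile(r"\\te?mp\\[^\"\s]*\.(?:bat|cmd|kix|vbs)\b", re.IGNORECASE)


def redact(cmdline):
    """Mask the credential so the finding itself does not leak it."""
    return PASSWORD_ARG.sub(lambda m: m.group(1) + "<redacted>", cmdline)


def classify(event):
    """Return the names of the rules that one event matches."""
    rules = []
    # Local WMI use produces this parent too, so it is a lead to review.
    if basename(event["parent"]).lower() == "wmiprvse.exe":
        rules.append("wmi-spawned-process")
    if PASSWORD_ARG.search(event["cmdline"]):
        rules.append("cleartext-credential-in-cmdline")
    if TEMP_SCRIPT.search(event["cmdline"]):
        rules.append("script-from-temp-dir")
    return rules


def analyze(events):
    """Return one finding per event that matches at least one rule."""
    findings = []
    for event in events:
        rules = classify(event)
        if rules:
            findings.append({"host": event["host"], "rules": rules,
                             "cmdline": redact(event["cmdline"])})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f["host"], ",".join(f["rules"]), "|", f["cmdline"])
```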


JazzM
(Getting the hang of it)
2006-05-29 11:28 AM
Re: Executing batch files on remote client

ehhh...

Why is Shawn suddenly surrounded by monsters, losing his hat!!!
And Doc… look suspicious… smells Linux at the corner …
Is this because Les is monitoring the Wan …


JazzM
(Getting the hang of it)
2006-05-29 02:27 PM
Re: Executing batch files on remote client

… ok dudes … back to the subject, if you don’t mind…

Now I’m completely lost…. Don’t really know how to use remoteexec() and RUNNAS together ….

Doc suggested to “Pushing a tokenized script and batch file with Shawn's RUNNAS…”
I tried and did some tests.. no success so far… getting dizzy on this…
Could someone give me a hand to solve this?

The subject is still to remotely execute this: “MsiExec.exe /i \\Appserv\StandardApps\Acdsee\Acdess.msi /quiet” - on a remote client using both remoteexec() udf and Shawn’s RUNNAS.

The “msi.bat” contains this: “MsiExec.exe /i \\Appserv\StandardApps\Acdsee\Acdess.msi /quiet”

$computer = "172.60.10.10"
$RemotePath = "\\172.60.10.10\c$\winnt\temp\"

Copy "msi.bat" $RemotePath /C

$rc = RemoteExec('cmd /c c:\Winnt\Temp\msi.bat', $computer)


Les
(KiX Master)
2006-05-29 02:50 PM
Re: Executing batch files on remote client

While it goes against my principles, I will offer some suggestions.
Don't use a BATch file!
You need to create a token file for RUNNAS.
Copy both RUNNAS and the generated token file to the local PC.
RemoteExec RUNNAS and pass the tokenfile as a parm.


Shawn Administrator
(KiX Supporter)
2006-05-29 02:59 PM
Re: Executing batch files on remote client

Ja, I was just going to pipe-up here as well. Copy the RUNNAS.exe to the remote machine, but I would suggest you leave the tokenization as a last step - get it working with a simple command-line first.

Shawn Administrator
(KiX Supporter)
2006-05-29 03:03 PM
Re: Executing batch files on remote client

by the way - accessing the remote share using the "pure" remote command strategies (like WMI) does not work - we went down that road before (not sure where the thread is) ...

One of the guys we were working with at the time, went to MS with the issue. They came back saying that Windows does not support "passthrough authentication" - which means, a network resource will not trust the credentials from a source that is (really) remoted in from somewhere else. Maybe a bad description but I hope you get my meaning.


JazzM
(Getting the hang of it)
2006-05-29 04:31 PM
Re: Executing batch files on remote client

Ok, let’s see if I got your point….

First I created a tok file as this:

runnas /user:domain\clientadm "MsiExec.exe /i \\Appserv\StandardApps\Acdsee\Acdess.msi /quiet" /password:silentadm /tok:Test.tok /allowargs

Now I have Test.tok. I copied both Runnas.exe and Test.tok to target PC root.
Then I execute it with RemoteExec()

$rc = RemoteExec('cmd /c c:\Runnas.exe Test.tok', $computer)

Should this work? It doesn’t.

I tried to perform it manually on target PC console:
c:\Runnas.exe Test.tok

It’s not working!

What am I doing wrong?


Shawn Administrator
(KiX Supporter)
2006-05-29 04:40 PM
Re: Executing batch files on remote client

After you run it by hand, if you ECHO %ERRORLEVEL%, what's it say ?

Shawn Administrator
(KiX Supporter)
2006-05-29 05:07 PM
Re: Executing batch files on remote client

If not using %comspec% /c, might want to add the /wait switch too.

JazzM
(Getting the hang of it)
2006-05-29 05:09 PM
Re: Executing batch files on remote client

it says: 0

The Runnas I got is version 1.14.0.0
Environment W2K SP4


Shawn Administrator
(KiX Supporter)
2006-05-29 05:10 PM
Re: Executing batch files on remote client

Try that /wait switch

JazzM
(Getting the hang of it)
2006-05-29 05:26 PM
Re: Executing batch files on remote client

humm... same ... not working...

I put the wait switch like this:

runnas /user:domain\clientadm "MsiExec.exe /i \\Appserv\StandardApps\Acdsee\Acdess.msi /quiet" /password:silentadm /tok:Test.tok /wait /allowargs

the msi reports in event viewer, says Product Acdsee - installation operation completed successfully.... the %ERRORLEVEL% gives a 0

...and still no Acdess has been installed....


Shawn Administrator
(KiX Supporter)
2006-05-29 05:29 PM
Re: Executing batch files on remote client

What happens if you mangle the path to the msi - does it report a failure ?

Shawn Administrator
(KiX Supporter)
2006-05-29 05:30 PM
Re: Executing batch files on remote client

I would try the old %comspec% /c in front of the msiexe.exe too.

JazzM
(Getting the hang of it)
2006-05-29 05:41 PM
Re: Executing batch files on remote client

path to the msi ... %comspec% /c in front of the msiexe.exe ... all the same ... just won’t work...

runnas /user:domain\clientadm "%comspec% /c c:\winnt\system32\MsiExec.exe /i \\Appserv\StandardApps\Acdsee\Acdess.msi /quiet" /password:silentadm /tok:Test.tok /wait /allowargs


Shawn Administrator
(KiX Supporter)
2006-05-29 06:26 PM
Re: Executing batch files on remote client

Take this off:

/tok:Test.tok


JazzM
(Getting the hang of it)
2006-05-30 11:45 AM
Re: Executing batch files on remote client

nop... none of this works .... jazz will give this up for now ...
not much fun out of this ...


NTDOC Administrator
(KiX Master)
2006-05-30 09:30 PM
Re: Executing batch files on remote client

Quote:

not much fun out of this ...




ROFLMAO

Yes, scripting can be both FUN and FRUSTRATING at the same time.