Jump to content

Remote install command line

JeffQOOQAAA
 Share

Recommended Posts

JeffQOOQAAA Wayfarer

JeffQOOQAAA

Posted
Posted

Hi All

If I want to excute command line RunWait(@ComSpec & "/C" &" \\HLKController\HLKInstall\Client\setup.cmd /qn ICFAGREE=Yes ") on client side

But only can excute autoit in server side. is possibly?

Server computer -> excute autoit -> send command  RunWait(@ComSpec & "/C" &" \\HLKController\HLKInstall\Client\setup.cmd /qn ICFAGREE=Yes ")  to Client computer excute

Link to comment
Share on other sites
Subz Universalist

Subz

Posted
Posted

What are the results of the following?

Click Start » Run
Type:  \\Y91066666666\Admin$
Click: OK

If you get access denied (or prompted for username and password) then the user account you're using doesn't have the correct permissions to access this system, in which case you'll need to use the -u Domain\Username and -p Password options in PSExec.

Link to comment
Share on other sites
weevil Seeker

weevil

Posted
Posted

Just putting my security hat on here.  PSExec is extremely risky.  If someone modifies this code they can do literally anything to that target machine.  If the target machine has any level of anti-malware on it this most likely won't work.  Remote Execution is high on the alarm list nowadays.  So to get it to work you might have to add the source machine as a trusted source, further jeopardising the security of the remote machine.

There are commercial softwares and opensource softwares for remote installation that are secure and have authentication built-in to them.

My 2 cents.

Link to comment
Share on other sites
Subz Universalist

Subz

Posted
Posted

@weevil In my experience PSExec is really only meant for domain networks and requires a trust between the host and guest systems.  I don't use it often but when I do I just RunAs my compiled executable (without username and password in the command line) and let Windows Authentication do the rest.  We use Trend Micro Office Suite and never had issue with it being flagged as malware.

Usually for software installs we use SCCM which generally installs as the system account from a remote share, this would mean we run the same risk if we allowed users access to the remote share.

I do agree that it is a powerful tool and that you do need to be mindful of security but wouldn't consider the tool itself a security risk just how you use it.

Link to comment
Share on other sites
weevil Seeker

weevil

Posted
Posted

@Subz

True, this is also where the danger lies.  I don't want this to turn into an InfoSec discussion though :)

SCCM servers are secure, the remote shares just have software repositories.  From the sounds of OPs question this will be run from a workstation - the weakest point of any network.  Using windows authentication assumes the logged in user has install rights which is even more risky - logging into a workstation as a domain admin for day-to-day.

 

If the installing file has an msi - I suggest MSIEXEC which is a built-in tool to Windows Servers

Link to comment
Share on other sites
rootx Universalist

rootx

Posted
Posted

I fix it a long time ago with this reg mod on the tagret machine... open

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

add this....

LocalAccountTokenFilterPolicy

and set this value

1

reboot... and try again.

 

Link to comment
Share on other sites
JeffQOOQAAA Wayfarer

JeffQOOQAAA

Posted
  • Author
Posted

@ViciousXUSMC

I excute you suggest command but got fail information

 

PS C:\Users\Administrator\Desktop> Invoke-Command -ComputerName Y9106666666 -Scr
iptBlock {Get-Culture}
[Y9106666666] Connecting to remote server Y9106666666 failed with the
following error message : The WinRM client cannot process the request. If the
authentication scheme is different from Kerberos, or if the client computer is
not joined to a domain, then HTTPS transport must be used or the destination
machine must be added to the TrustedHosts configuration setting. Use winrm.cmd
to configure TrustedHosts. Note that computers in the TrustedHosts list might
not be authenticated. You can get more information about that by running the
following command: winrm help config. For more information, see the
about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (Y9106666666:String) [], PSRemotingTr
   ansportException
    + FullyQualifiedErrorId : ServerNotTrusted,PSSessionStateBroken
PS C:\Users\Administrator\Desktop>

Link to comment
Share on other sites
Subz Universalist

Subz

Posted
Posted

By default Windows will not allow you to logon to a system remotely with a null password, this is by design because it would be a major security risk.

In WIndows XP I used the following registry key on my kids system to remote control in, but that was a few years ago now and have no idea if it still works on later OSs.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"LimitBlankPasswordUse"=dword:00000000

Link to comment
Share on other sites
  • 2 weeks later...
JeffQOOQAAA Wayfarer

JeffQOOQAAA

Posted
  • Author
Posted

 @ViciousXUSMC

Still got fail message....

PS C:\Users\Administrator\Desktop> Invoke-Command -ComputerName Y9106666666 -Scr
iptBlock {Get-Culture}
[Y9106666666] Connecting to remote server Y9106666666 failed with the
following error message : The WinRM client cannot process the request. If the
authentication scheme is different from Kerberos, or if the client computer is
not joined to a domain, then HTTPS transport must be used or the destination
machine must be added to the TrustedHosts configuration setting. Use winrm.cmd
to configure TrustedHosts. Note that computers in the TrustedHosts list might
not be authenticated. You can get more information about that by running the
following command: winrm help config. For more information, see the
about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (Y9106666666:String) [], PSRemotingTr
   ansportException
    + FullyQualifiedErrorId : ServerNotTrusted,PSSessionStateBroken
PS C:\Users\Administrator\Desktop>

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...