Powershell – psexec hangs only when using username and password and calling from a PowerShell script

powershellpstools

I am attempting to use psexec to start a process in an interactive session that has already been opened. Both my machine and the remote machine are Windows 7. Using the command from within command prompt works fine, the executable is started and is visible in the GUI.

psexec64 -accepteula -nobanner \\hostname -u domain\user -p password -h -i 2 -d C:\workingdir\subfolder\application.exe

However, when I attempt to execute the same call within a PowerShell script, it does not work. See the full script for context.

# invalid args: $psExecArgs = "-accepteula", "-nobanner", "-u domain`\${username}", "-p ${password}", "-h", "-i ${sessionId}", "-d", "`\`\${hostname}", "`"${executableDirectory}`\${executableName}`""
# hangs: $psExecArgs = "-accepteula", "-nobanner", "-u domain`\${username}", "-p ${password}", "-h", "-d", "`\`\${hostname}", "`"${executableDirectory}`\${executableName}`""
$psExecArgs = "-accepteula", "-nobanner", "-h", "-d", "`\`\${hostname}", "`"${executableDirectory}`\${executableName}`""
& $EchoArgsPath $psExecArgs
$result = & $PsExecPath $psExecArgs #2>$null

When giving all of the same arguments, the value of $result is the psexec help as if an invalid argument is given.
When -i 2 is removed, psexec shows in the running processes list on my machine and appears to hang; no psexecsvc process is started on the remote machine.
When -u and -p are removed, psexec is started but as expected, the process starts in a non-interactive session on my account on the remote machine.

I see the same kind of behavior when using pslist and pskill so I replaced those with tasklist and taskkill. I have ensured that UAC is disabled and that I can map to the Admin$ share on the remote machine using the credentials I am providing.

While typing this question I found a question suggesting that stdin might be an issue but I'm not sure if it is relevant in my case.

Best Answer

Declaring a variable like $psExecArgs = "-accepteula", "-nobanner" makes an array of strings.

You are running whatever the strings say (using &) instead of launching a process and providing arguments, so the arguments would need to be simple strings as well (not an array of strings).

Then to further muddy it, if you were to provide the arguments in a single string ($psExecArgs = "-accepteula -nobanner"), that actually only appears as one argument to PSExec, and won't work either.

So, instead of trying to run the strings, one option is to use PowerShell's Start-Process command, which expects the arguments to be fed to it in an array (as you are currently doing).

Try changing command lines like:

& $PsExecPath $psExecArgs

to something like:

Start-Process $PsExecPath $psExecArgs

You'll have to handle the return code and errors a little differently, something like:

try {
  $process = (Start-Process -FilePath $psexec -ArgumentList $psExecArgs -NoNewWindow -PassThru)
} 
catch {
  Write-Output "Error launching process!" 
  Write-Output $_.Exception.Message
  $process = $null
}
finally {
  if ($process) {
    $process.WaitForExit()
    Write-Host "Process exit code: " $process.ExitCode
  }
}

Related Solutions

How a batch file runs on a remote machine started by PSEXEC

Did you try copying the batch file, then using the 'at' command to schedule the batch file to run on the remote computer in a couple of minutes?

Also, using WMI to launch it instead of psexec: Send a batch file to a Windows machine, and execute it

(Also, is there a way to close questions without accepting any answers on ServerFault, so they don't hang around as 'unanswered'?)

Powershell – PSEXEC from powershell

I wrote the following function to start a process on a remote server:

Function StartRemote {
   param([string] $computer = $(Read-Host "Computername"),
         [string] $cmd = $(Read-Host "Commandline"))

   $remoteProcess = "" | Select-Object ProcessID, ComputerName, `
                         ReturnValue, ReturnMsg, Cmd
   $remoteProcess.ComputerName = $computer
   $remoteProcess.Cmd = $cmd
   $mc = New-Object System.Management.ManagementClass `
         "\\$computer\root\cimv2:Win32_Process"
   $result = $mc.create($cmd)
   $remoteProcess.ReturnValue = [int]$result.ReturnValue
   $remoteProcess.ProcessID = $result.ProcessId
   switch($remoteProcess.ReturnValue) {
     0 { $remoteProcess.ReturnMsg = "OK" }
     2 { $remoteProcess.ReturnMsg = "Access denied" }
     3 { $remoteProcess.ReturnMsg = "Insufficient privilege" }
     8 { $remoteProcess.ReturnMsg = "Unknown failure" }
     9 { $remoteProcess.ReturnMsg = "Path not found" }
     21 { $remoteProcess.ReturnMsg = "Invalid parameter" }
   }
   return $remoteProcess
 }

It requires the computername and your commandline as a string, be sure to escape additional quotes, and returns a custom object with info about your process:

PoSH> StartRemote -computer TEST-VM -cmd "gpupdate /force"

ProcessID    : 6992
ComputerName : TEST-VM
ReturnValue  : 0
ReturnMsg    : OK
Cmd          : gpupdate /force

Perhaps you can modify it to allow alternative credentials. Hope this is helpful.

Best Answer

Related Solutions

How a batch file runs on a remote machine started by PSEXEC

Powershell – PSEXEC from powershell

Related Topic