question

cornenietnodig-5642 avatar image
0 Votes"
cornenietnodig-5642 asked ·

powershell run a batchfile or ps1 file on remote pc

I have some trouble to start a batchfile or ps1 file on a remote system with invoke-command. I know that when starting such a script or batch in powershell on a networkshare that there is some problems with double hop. So i first copy the files to the local system, that is a challenge already because i the copy command is in the batchfile or script that i want to execute on the remote pc or server.

What i have tried is directly read the batch or ps1 from a networkshare but that gives me a access denied, i think double hop. So then next:
$computerName = 'testpc'
Copy-Item -path \\share\uninstalsp.bat -Destination \\$computername\c$\temp\uninstallsp.bat
Copy-Item -path \\share\bas.bat -Destination \\$computername\c$\temp\bas.bat
invoke-command -computername $computerName -scriptblock{Start-Process "C:\temp\uninstallsp.bat"}
invoke-command -computername $computerName -scriptblock{Start-Process "C:\temp\bas.bat"}

After this there is no error but nothing happens on the remote system. I have already had this before with other files, no error but nothing happens. In this example i try to uninstall a program, in the batchfile there are some registry keys changed and the uninstall certain software is executed so the last batchfile must wait for the first.

What am i doiing wrong? And how can i run this without copy the files to the local system and complicated double hop?


windows-server-powershell
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MotoX80 avatar image
0 Votes"
MotoX80 answered ·

In addition to Andreas's comments, you are issuing a Start-Process but you are not waiting for it to finish. You would need to add -Wait to the command. But you would still be wondering what happened because you are not capturing stdout or stderr.

Try this.

 $sb = {
     "Calling uninstall"
     cmd.exe /c "C:\temp\uninstallsp.bat" 2>&1
     ""
     "Calling bas"
     cmd.exe /c "C:\temp\bas.bat"  2>&1
 }
 $computerName = 'testpc'
 Copy-Item -path \\server\share\uninstalsp.bat -Destination \\$computername\c$\temp\uninstallsp.bat
 Copy-Item -path \\server\share\bas.bat -Destination \\$computername\c$\temp\bas.bat
 invoke-command -computername $computerName -scriptblock  $sb


· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AndreasBaumgarten avatar image
0 Votes"
AndreasBaumgarten answered ·

Hi @cornenietnodig-5642 ,

The path of the Copy-Item looks wrong: \\share\uninstalsp.bat
It should be \\computer\share\uninstalsp.bat

The destination of Copy-Item is an administrative share (`\\$computername\c$`).
The user running the script needs to be local administrator to access \\$computername\c$.

On the remote computer the files are in C:\temp?


(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten

· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

cornenietnodig-5642 avatar image
0 Votes"
cornenietnodig-5642 answered ·

Thanks andreas and MotoX, it looks like this is working

· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

cornenietnodig-5642 avatar image
0 Votes"
cornenietnodig-5642 answered ·

I would like to expand the script after this software is uninstalled in the same script install new software so i have added the line:

Get-Package -Name antivirus-oud | Uninstall-Package
Start-Process msiexec.exe -Wait "/i \\$computername\c$\temp\antivirus.msi /qn"

First one is to make sure antivirus-oud is uninstalled (although it is Sophos and there is always something left behind in programms) and the second one is installing a new virusscan. These commands i have put right beneath the copy-item commands and started a new copy-item at the begginning to copy the new antivirus msi to the local machine.

How ever it looks like the new antivirus install is popping up on my own computer when leaving /qn away. Must the line start process be elsewhere in the script?

· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MotoX80 avatar image
0 Votes"
MotoX80 answered ·

These commands i have put right beneath the copy-item

Those statement need to be included in the script block so that they are invoked on the target pc.

You should also be adding error checking along the way to verify that a given step was successful before executing the next step.

Normally with an AV uninstall/reinstall, a reboot or 2 is required along the way.

 $sb = {
      "Calling uninstall"
      cmd.exe /c "C:\temp\uninstallsp.bat" 2>&1
      ""
      "Calling bas"
      cmd.exe /c "C:\temp\bas.bat"  2>&1
      "Uninstall old software."
       Get-Package -Name antivirus-oud | Uninstall-Package
       "Install new software"
        Start-Process msiexec.exe -Wait "/i c:\temp\antivirus.msi /qn"
  }
  $computerName = 'testpc'
  Copy-Item -path \\server\share\uninstalsp.bat -Destination \\$computername\c$\temp\uninstallsp.bat
  Copy-Item -path \\server\share\bas.bat -Destination \\$computername\c$\temp\bas.bat
  invoke-command -computername $computerName -scriptblock  $sb





· 2 · Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I have done this but it looks like the install does not do anything. It says:
uninstall old software
install new software


The last 2 messages appear very quick and very quick after the message it comes with the prompt. The only thing i changed in your script is that i added 2 copy-item commands from the same share and to the same $computername right beneath the other 2 copy-item commands.
The lines: uninstall old software and install new software are displayed but i am in doubt that they are executed on the remote system.


0 Votes 0 ·
MotoX80 avatar image MotoX80 cornenietnodig-5642 ·

I don't know what commands or executables you have in your bat files. Do they contain any ECHO statements to display messages? If they don't, add some like this example.

 echo  Bat file is starting. %date% %time% 
 someprogram.exe /someswitch
 set rc=%errorlevel%
 echo someprogram ended RC=%rc% 
 echo Bat file is ending. %date% %time% 

What logging options do the .exe's provide? Can you specifiy the log file name as a command line switch? Add it and then do a Get-content to read the log file and display it.


msiexec /? shows...

!71076-capture.jpg


0 Votes 0 ·
capture.jpg (38.3 KiB)
cornenietnodig-5642 avatar image
0 Votes"
cornenietnodig-5642 answered ·

I have added what you mentioned but that displays on the screen, it does not add any troubleshooting. Still cannot see anuthing on the client machine, i think the msiexec is not starting or it does nothing. I cannot see any log in c:\temp in that machine.
Purpose is to deinstall Sophos and reinstall sophos. Maybe this is not nessecairy but that does not matter, this is also for future deinstallations and installation to know how powershell works with this on remote machines...

This is wat i have right now:


$sb = {
"Calling uninstall"
cmd.exe /c "C:\temp\uninstall-sophos-bas.bat" 2>&1
""
"Calling Sophoszap"
cmd.exe /c "C:\temp\Sophosuninstall.bat" 2>&1
"Uninstall old software."
Get-Package -Name Sophos | Uninstall-Package
"Install new software"
echo Bat file is starting. %date% %time%
Start-Process msiexec.exe -Wait "/i c:\temp\sophos_X64.msi /qn /l*v c:\temp"
set rc=%errorlevel%
echo someprogram ended RC=%rc%
echo Bat file is ending. %date% %time%
}
$computerName = 'testpc'
Copy-Item -path \\server\path\Sophos_X64.msi -Destination \\$computername\c$\temp\sophos_X64.msi
Copy-Item -path \\server\path\Sophoszap.exe -Destination \\$computername\c$\temp\Sophoszap.exe
Copy-Item -path \\server\path\sophos\Sophosuninstall.bat -Destination \\$computername\c$\temp\Sophosuninstall.bat
Copy-Item -path \\server\path\uninstall-sophos-bas.bat -Destination \\$computername\c$\temp\uninstall-sophos-bas.bat
invoke-command -computername $computerName -scriptblock $sb

· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MotoX80 avatar image
0 Votes"
MotoX80 answered ·

The echo commands need to go in the .bat files, not the PS script.

Edit C:\temp\Sophosuninstall.bat What statements are in it? Does it call msiexec, or some Sophos.exe?

  @echo  Sophosuninstall.bat is starting. %date% %time% 
  Sophos.exe /uninstall  /someotherswitch
  @set rc=%errorlevel%
  @echo Sophos.exe ended RC=%rc% 
  @echo Sophosuninstall.bat is ending. %date% %time% 


Your start-process is wrong.

 $sb = {
     "Calling uninstall"
     cmd.exe /c "C:\temp\uninstall-sophos-bas.bat" 2>&1
     ""
     "Calling Sophoszap"
     cmd.exe /c "C:\temp\Sophosuninstall.bat" 2>&1
     ""
     "Uninstall old software."
     Get-Package -Name Sophos | Uninstall-Package
     ""
     "Install new software"
     start-process -Wait -filepath msiexec.exe -argumentlist "/i c:\temp\sophos_X64.msi /qn /lv c:\temp\Sophos.log"
     "Msiexe RC={0}" -f  $LASTEXITCODE
     "**************** Sophos Install Log********************"
     get-content c:\temp\Sophos.log
 }
 $computerName = 'testpc'
 Copy-Item -path \\server\path\Sophos_X64.msi -Destination \\$computername\c$\temp\sophos_X64.msi
 Copy-Item -path \\server\path\Sophoszap.exe -Destination \\$computername\c$\temp\Sophoszap.exe
 Copy-Item -path \\server\path\sophos\Sophosuninstall.bat -Destination \\$computername\c$\temp\Sophosuninstall.bat
 Copy-Item -path \\server\path\uninstall-sophos-bas.bat -Destination \\$computername\c$\temp\uninstall-sophos-bas.bat
 invoke-command -computername $computerName -scriptblock $sb


You could also use:

 start-process -Wait msiexec.exe "/i c:\temp\sophos_X64.msi /qn /lv c:\temp\Sophos.log"
· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Chris-1748 avatar image
0 Votes"
Chris-1748 answered ·

take a look to psexec from sysinternal tool. You can execute a script on remote computer with one/two lines

· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

cornenietnodig-5642 avatar image
0 Votes"
cornenietnodig-5642 answered ·

Hi, this is sophosuninstall.bat. I have added the echo commands and will check it tommorrow with the right command for the install.

I thought it would be much easier to execute a msi or exe of bat with powershell on a remote machine. But there are much caches to go. When you look simple at for instance the command invoke-command -computername somesystemname c:\temp\starten.msi(or.exe of.bat) amd the path c:\temp\starten.msi/exe/bat is from my local system of the other method is enter-pssession somepc and then execute the msi,exe or bat but it's not that wasy though..
Then the file must be on the remote system and cannot be simple on a networkshare because of the double hop etc...

This is the uninstall.bat, downloaded from the internet.

net stop "SAVService"
net stop "Sophos AutoUpdate Service"
net stop "Sophos Anti-Virus"
"C:\Program Files\Sophos\Sophos Endpoint Agent\uninstallcli.exe"
:Sophos AutoUpdate XG Endpoint (6.0.457.0) Server (6.0.457.0)
MsiExec.exe /qn /X{72E136F7-3751-422E-AC7A-1B2E46391909} REBOOT=ReallySuppress
MsiExec.exe /qn /X{7CD26A0C-9B59-4E84-B5EE-B386B2F7AA16} REBOOT=ReallySuppress
MsiExec.exe /qn /X{BCF53039-A7FC-4C79-A3E3-437AE28FD918} REBOOT=ReallySuppress
MsiExec.exe /qn /X{9D1B8594-5DD2-4CDC-A5BD-98E7E9D75520} REBOOT=ReallySuppress
MsiExec.exe /qn /X{AFBCA1B9-496C-4AE6-98AE-3EA1CFF65C54} REBOOT=ReallySuppress
MsiExec.exe /qn /X{E82DD0A8-0E5C-4D72-8DDE-41BB0FC06B3E} REBOOT=ReallySuppress
:Sophos Anti-Virus Endpoint 10.8.3.441
MsiExec.exe /qn /X{85F78DA7-8E8E-49C9-969F-A62D2B43C046} REBOOT=ReallySuppress
MsiExec.exe /qn /X{8123193C-9000-4EEB-B28A-E74E779759FA} REBOOT=ReallySuppress
MsiExec.exe /qn /X{36333618-1CE1-4EF2-8FFD-7F17394891CE} REBOOT=ReallySuppress
MsiExec.exe /qn /X{DFDA2077-95D0-4C5F-ACE7-41DA16639255} REBOOT=ReallySuppress
MsiExec.exe /qn /X{CA3CE456-B2D9-4812-8C69-17D6980432EF} REBOOT=ReallySuppress
MsiExec.exe /qn /X{CA524364-D9C5-4804-92DE-2800BDAC1AA4} REBOOT=ReallySuppress
MsiExec.exe /qn /X{3B998572-90A5-4D61-9022-00B288DD755D} REBOOT=ReallySuppress
MsiExec.exe /qn /X{4BAF6F55-FFE4-4A3A-8367-CC2EBB0F11C3} REBOOT=ReallySuppress
MsiExec.exe /qn /X{BA8752FE-75E5-43DD-9913-23509EFEB409} REBOOT=ReallySuppress
:Sophos Anti-Virus Server 10.8.4.227
MsiExec.exe /qn /X{01423865-551B-4C59-B44A-CC604BC21AF3} REBOOT=ReallySuppress
MsiExec.exe /qn /X{72E30858-FC95-4C87-A697-670081EBF065} REBOOT=ReallySuppress
MsiExec.exe /qn /X{66967E5F-43E8-4402-87A4-04685EE5C2CB} REBOOT=ReallySuppress
MsiExec.exe /qn /X{2519A41E-5D7C-429B-B2DB-1E943927CB3D} REBOOT=ReallySuppress
MsiExec.exe /qn /X{6654537D-935E-41C0-A18A-C55C2BF77B7E} REBOOT=ReallySuppress
:Sophos System Protection
MsiExec.exe /qn /X{934BEF80-B9D1-4A86-8B42-D8A6716A8D27} REBOOT=ReallySuppress
MsiExec.exe /qn /X{1093B57D-A613-47F3-90CF-0FD5C5DCFFE6} REBOOT=ReallySuppress
:Sophos Network Threat Protection Endpoint (1.8.1555) Server (1.8.1555)
MsiExec.exe /qn /X{604350BF-BE9A-4F79-B0EB-B1C22D889E2D} REBOOT=ReallySuppress
:Sophos Health Endpoint (2.1.0.33) Server (2.0.6.828)
MsiExec.exe /qn /X{80D18B7B-8DF1-4BCA-901F-BEC86BAE2774} REBOOT=ReallySuppress
MsiExec.exe /qn /X{A5CCEEF1-B6A7-4EB4-A826-267996A62A9E} REBOOT=ReallySuppress
MsiExec.exe /qn /X{D5BC54B8-1DA1-44F4-AE6F-86E05CDB0B44} REBOOT=ReallySuppress
MsiExec.exe /qn /X{E44AF5E6-7D11-4BDF-BEA8-AA7AE5FE6745} REBOOT=ReallySuppress
:Sophos Diagnostic Utility Endpoint (1.24.0.2) Server (1.24.0.2)
MsiExec.exe /qn /X{4627F5A1-E85A-4394-9DB3-875DF83AF6C2} REBOOT=ReallySuppress
:Heartbeat
MsiExec.exe /qn /X{DFFA9361-3625-4219-82C2-9EF011E433B1} REBOOT=ReallySuppress
:Sophos Management Communications System Endpoint (4.10.423.0) Server (4.10.423.0)
MsiExec.exe /qn /X{A1DC5EF8-DD20-45E8-ABBD-F529A24D477B} REBOOT=ReallySuppress
MsiExec.exe /qn /X{1FFD3F20-5D24-4C9A-B9F6-A207A53CF179} REBOOT=ReallySuppress
MsiExec.exe /qn /X{D875F30C-B469-4998-9A08-FE145DD5DC1A} REBOOT=ReallySuppress
MsiExec.exe /qn /X{2C14E1A2-C4EB-466E-8374-81286D723D3A} REBOOT=ReallySuppress
"C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\Uninstall.exe" /uninstall /quiet
:Sophos Endpoint UI Endpoint (1.7.452.0) Server (1.7.452.0)
MsiExec.exe /qn /X{D29542AE-287C-42E4-AB28-3858E13C1A3E} REBOOT=ReallySuppress
:Sophos Endpoint Firewall Endpoint (1.1.0.0) Server (1.1.0.0)
MsiExec.exe /qn /X{2831282D-8519-4910-B339-2302840ABEF3} REBOOT=ReallySuppress
:Sophos Endpoint Self Help Endpoint (2.2.17.0) Server (2.2.17.0)
MsiExec.exe /qn /X{B9C2F07D-1137-4E3D-B22B-05144293EF42} REBOOT=ReallySuppress
MsiExec.exe /qn /X{4EFCDD15-24A2-4D89-84A4-857D1BF68FA8} REBOOT=ReallySuppress
MsiExec.exe /qn /X{BB36D9C2-6AE5-4AB2-BC91-ECD247092BD8} REBOOT=ReallySuppress
:Sophos Lockdown 7.1.2
MsiExec.exe /qn /X{77F92E90-ED4F-4CFF-8F60-3E3E4AEB705C} REBOOT=ReallySuppress
:Sophos Exploit Prevention Endpoint (3.7.14.40) Server (3.7.14.40)
"C:\Program Files (x86)\HitmanPro.Alert\Uninstall.exe" --quiet
:Sophos File Scanner Endpoint (1.5.15.0) Server (1.5.15.0)
"C:\Program Files\Sophos\Sophos File Scanner\Uninstall.exe"
:Sophos Standalone Engine Endpoint (1.2.24) Server (1.2.24)
"C:\Program Files\Sophos\Sophos Standalone Engine\Uninstall.exe"
:Sophos ML Engine Endpoint (1.2.16) Server (1.1.149)
"C:\Program Files\Sophos\Sophos ML Engine\Uninstall.exe"
:Sophos Endpoint Agent Endpoint (2.4.1) Server (2.2.7)
"C:\Program Files\Sophos\Sophos Endpoint Agent\uninstallgui.exe"
:Sophos Clean Endpoint (3.8.6.1) Server (3.8.6.1)
"C:\Program Files (x86)\Sophos\Clean\uninstall.exe"
:Sophos Endpoint Defense Endpoint (2.1.3.26) Server (2.1.3.44)
"C:\Program Files\Sophos\Endpoint Defense\uninstall.exe"
:HitmanPro.Alert 3 (managed by Sophos) Endpoint (3.7.14.40) Server (3.7.14.40)
"C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe" /uninstall /quiet
:HMPA 1.0.0.699
"C:\Program Files (x86)\HitmanPro.Alert\uninstall.exe" --quiet
:HMPA 3.7.14.265
"C:\Program Files\HitmanPro\HitmanPro.exe" /uninstall /quiet
:Sophos File Integrity Monitoring Server (1.0.1.11)
MsiExec.exe /qn /X{425063CE-9566-43B8-AC61-F8D182828634} REBOOT=ReallySuppress
:Sophos Managed Detection and Response Endpoint (1.0.1.44)
"C:\Program Files\Sophos\Managed Detection and Response\SophosMDRUninstall.exe"
MsiExec.exe /qn /X{FED1005D-CBC8-45D5-A288-FFC7BB304121}
@set rc=%errorlevel%
@echo Sophos.exe ended RC=%rc%
@echo Sophosuninstall.bat is ending. %date% %time%

· 1 · Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Do you understand what I was trying to accomplish with these 3 lines?

@set rc=%errorlevel%
@echo Sophos.exe ended RC=%rc%
@echo Sophosuninstall.bat is ending. %date% %time%


I replied with a 24 line sample script on this post. It is one example of how you can work around the double hop problem by passing credentials to the scriptblock code.

https://docs.microsoft.com/en-us/answers/questions/276769/run-a-ps1-file-with-parameters-on-a-remote-compute.html

0 Votes 0 ·
cornenietnodig-5642 avatar image
0 Votes"
cornenietnodig-5642 answered ·

Thanks!, it looks like it is working now, the log file that is created is presented on the screen and installation is done on the remote machine..

· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.