question

JuanBrickTech-8753 avatar image
0 Votes"
JuanBrickTech-8753 asked FanFan-MSFT commented

Push out Commands to all Domain PCs

I'm looking for a way to push out commands to all workstations. The scenario is as follows:

I often go to environments that I am not familiar with to audit the network. Part of that is a network scan, but to use our specific tools we need to configure a couple of things on every workstation (enable wmi access, enable file and printer sharing, etc.). We have a batch file we can run on every computer, but this solution does not scale well as you can imagine. I've included the commands we run below.

Ideally, there would be a way to push out the batch file to run one time on all computers connected to the domain. Alternatively, we could create a new batch file that creates GPO that does the same things, but this is something that I have not done before.

Any help is really appreciated!

rem Allow the device to be pingable through Windows Firewall
netsh firewall set icmpsetting type=ALL mode=enable
netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow
netsh advfirewall firewall add rule name="ICMP Allow incoming V6 echo request" protocol=icmpv6:8,any dir=in action=allow

rem Turn on File and Printer Sharing
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes

rem Allow WMI access through Windows Firewall
netsh firewall set service type=remoteadmin mode=enable
netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes

rem Add user account
net user [REDACTED] /add
net localgroup Administrators [REDACTED] /add

Rem Set WMI Permissions
sc sdset SCMANAGER D:(A;;CCLCRPRC;;;AU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)

ECHO End of script
PAUSE

windows-group-policy
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

FanFan-MSFT avatar image
0 Votes"
FanFan-MSFT answered JuanBrickTech-8753 commented

Hi,
Welcome to share here!
For the commands or the scripts i'm afraid i can't give more advice since not familiar with it.

For how to deploy a scripts, you can consider the following ways due to your requirement.

Logon scripts :scripts run when users logon
Startup scripts:scripts run when computers restart
For your reference: Using Startup, Shutdown, Logon, and Logoff Scripts in Group Policy

Schedule task:scripts run at the scheduled time
How to Configure a Scheduled Task Item using Group Policy

This response contains a third-party link. We provide this link for easy reference. Microsoft cannot guarantee the validity of any information and content in this link.

Best Regards,


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

Thank you for your reply. Unfortunately, due to the nature of what we are after, the script needs to run on command one time. We can't always re-log or reboot the computers, so we really just want to push it out one time.

0 Votes 0 ·
FanFan-MSFT avatar image
0 Votes"
FanFan-MSFT answered FanFan-MSFT commented

Hi,
Schedule task: scripts run at the scheduled time
https://www.faqforge.com/windows-server-2016/configure-scheduled-task-item-using-group-policy/
This is the one for your requirement.
There are settings for you to configure it to run the command only once and not reapply .
Check the following settings when configure the schedule task.
81376-3253.jpg
81355-3254.jpg



3253.jpg (41.3 KiB)
3254.jpg (46.5 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

Thank you again for taking the time to answer. I'm looking for something a less involved with GUI's. The gold standard is a script that would create a GPO to accomplish the above tasks.

0 Votes 0 ·
FanFan-MSFT avatar image FanFan-MSFT JuanBrickTech-8753 ·

Hi,
Sorry for can't provided more professional advice for using the scripts to accomplish this task.
Best Regards,

0 Votes 0 ·