Remotely installing patches - scripting

I need to know how to run a batch script that will go to a shared location on the network, put the user name and password in and run a specified file. I'm not great with scripts and I can't find any coherent answers so far. I'm trying to run software patches on MANY systems and trying to save a little time with either going to each box individually and tossing in the patch disk or using Languard to click each patch (up to 155) individually.
So far I've got the 'net use' command to connect to the share but can't get it to use the user name or password, let alone get it to execute the patches. Could someone put this in a coherent format please? I am getting alot of the syntax, which is great but they always use extra symbols and asterisks which can be a little confusing. Perhaps an example with example names? Thanks!

PsExec can do what you want
http://technet.microsoft.com/en-us/sysinternals/bb897553
usage: psexec \\computer [-u username [-p password]] [-s] [-c [-f]] [-d] program [arguments]
-u Specifies optional user name for login to remote computer.
-p Specifies optional password for user name. If you omit this you will be prompted to enter a hidden password.
-s Run remote process in the System account .
-c Copy the specified program to the remote system for execution. If you omit this option then the application must be in the system's path on the remote system.
-f Copy the specified program to the remote system even if the file already exists on the remote system.
-d Don't wait for application to terminate. Only use this option for non-interactive applications.
Examples
The following command launches an interactive command prompt on \\marklap:
psexec \\marklap cmd
This command executes IpConfig on the remote system with the /all switch, and displays the resulting output locally:
psexec \\marklap ipconfig /all
This command copies the program test.exe to the remote system and executes it interactively:
psexec \\marklap -c test.exe
Specify the full path to a program that is already installed on a remote system if its not on the system's path:
psexec \\marklap c:\bin\test.exe
src: http://www.governmentsecurity.org/forum/index.php?showtopic=1030
I'm on linux right now so I can't test this.
for /l %%c in (1,1,254) do start psexec \\192.168.1.%%c -d -u administrator -p pass "net use Z: \\yourserver\user$ && Z:\update.exe && net use Z: /delete"

You could schedule the PSEXEC commands on the 70+ machines using scheduled tasks. The command line interface for that is SCHTASKS, so you could schedule them all at once from your administrator machine.
C:\Windows\system32>schtasks /?
SCHTASKS /parameter [arguments]
Description:
Enables an administrator to create, delete, query, change, run and
end scheduled tasks on a local or remote system.
Parameter List:
/Create Creates a new scheduled task.
/Delete Deletes the scheduled task(s).
/Query Displays all scheduled tasks.
/Change Changes the properties of scheduled task.
/Run Runs the scheduled task on demand.
/End Stops the currently running scheduled task.
/ShowSid Shows the security identifier corresponding to a scheduled task name.
/? Displays this help message.
Examples:
SCHTASKS
SCHTASKS /?
SCHTASKS /Run /?
SCHTASKS /End /?
SCHTASKS /Create /?
SCHTASKS /Delete /?
SCHTASKS /Query /?
SCHTASKS /Change /?
SCHTASKS /ShowSid /?

Related

Script to Kill Remote Session and Open a Program only works if user is an administrator

I have this code which successfully kills my remote session and opens up Sketchup.
When I remote back in, Sketchup is open and available to use.
However, it only works if the user is an administrator.
Is it possible to change this script so it works for standard users?
Even if I had to put the local administrator credentials, I would be fine with that.
for /f "skip=1 tokens=3" %%s in ('query user %USERNAME%') do (
%windir%\System32\tscon.exe %%s /dest:console
)
timeout /t 15
cd "C:\Program Files\SketchUp\SketchUp 2019"
sketchup.exe
I don't think the user has to be an administrator. You should be able to save the script in a .bat file and right click Run As Administrator. Doesn't that work?
One important point here is that SketchUp will also run with admin privileges and you wouldn't want any program running with elevated privileges unnecessarily. I would modify the script as such:
runas /trustlevel:0x20000 "C:\Program Files\SketchUp\SketchUp 2019\SketchUp.exe"
Edit: Here's a variation of the script which works for me under a regular user:
for /F "tokens=1,2,3,4,5" %%A in ('"query session | find "Active""') DO (tscon %%C /dest:console)
runas /trustlevel:0x20000 "C:\Program Files\SketchUp\SketchUp 2020\SketchUp.exe"
(You have to run the script as Admin)

Sysinternals psexec not running on the remote desktop

I've got two Remote Desktops hosted by a Hyper-V.
On Remote Desktop "A", I've got a .bat file, which I want to execute.
On Remote Desktop "B", I've got a cmd open with psexec cmd ready to invoke .bat file on machine "A".
"path-to\\psexec.exe" \\ip -u domain\username -p pswd -i cmd.exe /c "path-to\\myFile.bat %*"
The script contained in .bat file on machine "A" operates on the UI and thus requires a real screen to be open, so I am connected to two RDs simultaneously. However, when I call psexec command on machine "B", the cmd returns an error, but if I open RD "A" directly through the server's Hyper-V manager's interface, the psexec command works as expected.
Can someone explain please why this happens?
The UI of Windows runs on session 0. To run a program remotely that uses session 0, it will need to run as the System user (-s flag), and you can specify the session to use (-i flag). This answer has a few related tips too.

Executing command in Plink from a batch file

I want to automate the export process which I take using expdp command in Oracle.
Following is the contents of batch file I have created to open PuTTY.
#echo off
"C:\Program Files\PuTTY\plink.exe" username#Ip_Addr -pw password -m Open_Putty.txt`
Following is the contents of Open_Putty.txt to execute different commands.
echo $ORACLE_SID;
Read oraenv;
But after opening Open_Putty.bat it disappears without showing any output.
Please help me with this. I want to set oraenv and run some more commands to take the backup.
It's unlikely that plink.exe disappears without showing any output. I assume you execute the batch file from a Windows Explorer or other GUI application, so the Plink console window disappears once Plink finishes (possibly with error) and you cannot read the output (error).
Make sure you execute plink.exe from a console window (typically a cmd.exe) or add pause command to the end of the batch.
Make sure Plink can find the script file (Open_Putty.txt). As you do not specify a path to the file, it has to be located in your current working directory. Safer is to use a full path to the script file:
"C:\Program Files\PuTTY\plink.exe" username#Ip_Addr -pw password -m "C:\path\Open_Putty.txt"
The backtick symbol at the end of the command should probably not be there.
The name "Open PuTTY" is bit confusing. You are not using PuTTY at all. And even if you refer to Plink by "PuTTY", your script file (Open_Putty.txt) is not opening PuTTY nor Plink. It's executing remote commands. So you should better name it export.txt or similar.

Executing commands on command prompt of a remote computer

I need to execute the command :- Powermt display dev = all in the command prompt of a remote computer. How do I do that ?
If you have PowerShell 2.0 or higher on both computers and can enable remoting on the remote computer by execute Enable-PSRemoting -Force, then from an elevated/admin PowerShell prompt you can run:
Invoke-Command -ComputerName remotepcname -ScriptBlock { <commands to execute remotely> }
This will execute the commands remotely and return the results to the local computer.
Here's another alternative to try where psexec and powershell fail. It's convoluted and hackish, but at least it's something else to try. :)
Firstly, share a folder on your own machine. Make sure an account with admin rights on the remote machine has write access to this share you create. Then execute the following:
wmic /node:remoteComputerAddr /user:adminOnRemoteComputer /password:adminPassword process call create "cmd.exe /c powermt display dev=all >>\\localComputerAddr\shareName\results.txt"
#type "c:\local\path\to\share\results.txt"
Unfortunately, wmic doesn't show you the output of the process it creates. That's why you enable a share on your local workstation, then redirect the output from the remote command to your share.
More info.

How to run a CruiseControl task as an administrator in Windows Server 2008

I'm currently using CruiseControl.NET to automate my build. We have two different ways to build a solution in my build environment - one is through the Keil uVision4 IDE, the other is through Visual Studio 2008.
I've successfully gotten the Visual Studio solution to build properly using CruiseControl.NET and have created a batch file which properly uses Keil's uVision command line interface to compile my uvproj Project (compilation details here).
Problem Description
1) I can successfully execute the build script on my Windows 2008 server and build the project if I create a command prompt with administrator privileges (I'm doing this manually - start -> run -> cmd with ctrl-shift-enter to run as admin).
2) However, if I create a command prompt without administrator privileges, and attempt to execute the batch file, the batch file won't work unless I accept the prompt asking me to confirm admin rights are required to run the batch script.
How do I automatically execute a batch file as an administrator through CruiseControl?
Is this something that could be automated using the RunAs command?
Technical details
1) The batch file being executed is pretty simple - it deletes the old output and re-makes the output, creating a build log file in the location below.
set BuildLogLocation=BuildLog\BuildLog.txt
echo on
cd ../..
cd PTM
rmdir /s /q output
mkdir output
mkdir BuildLog
C:\Keil\UV4\UV4.exe -r myProj.uvproj -o %BuildLogLocation%
echo ErrorLevel of build is %ERRORLEVEL%
echo build complete, see %BuildLogLocation%
2) Currently I'm looking to use the Exec functionality to run the Keil build script above:
<Exec>
<Command>C:\myProject\Build\KeilBuild\BuildScript.bat<Command/>
<buildTimeoutSeconds>600<buildTimeoutSeconds/>
<!-- Details about error codes can be found here:
http://www.keil.com/support/man/docs/uv4/uv4_commandline.htm -->
<successExitCodes>0,1</successExitCodes>
<Exec/>
Related questions:
How can I use a build server with Keil uVision4 (MDK-ARM), script a build, use a makefile? (Electrical Engineering)
Execute a command-line command from CruiseControl.NET (Stack Overflow)
Can you run CCService, the CruiseControl.NET Windows Service, as a user who has administrative permissions? I'd try that first.
If that doesn't work, I would use runas to run your script. You'll have to embed the administrative user's password in the script calling runas.
I know this is old but, Did you get an offical way to do it Via Cruise Control?
Normally I create this and call it to call other processes "As Admin".
Make a ".VBS" script with This in the contents:
Dim strBatchPath
strBatchPath = "PATH-TO-FILE.EXE"
Set runBatch = CreateObject("shell.application")
runBatch.shellexecute strBatchPath,,,"runas",1
That could be an option to people that can't find an official way
You could try psExec from sysinternals. If you don't need to run as a nt-authority account you should be able to use this in the same way as runas.
It allows you to pass in the username/password as a switch (if memory serves)
I have Discovered that when using PSEXEC and using the -h switch, it then "runs as admin" on destination
e.g.
psexec -h \ServerToRunOn /accepteula -u DOMAIN\USER -p PASSWORD "PATH-TO-FILE"
I am Using CC.Net to call a batch file with the above in. This will run that file as Admin