I've been working on trying to run a PowerShell script on the network using PSExec, but every time I run it, I get this message:

```
PsExec v2.2 - Execute processes remotely
Copyright (C) 2001-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

Couldn't access [COMPUTER]:
The filename, directory name, or volume label syntax is incorrect.

C:\PSTools> psexec \\[COMPUTER] /s cmd /c %SystemRoot%\system32\WindowsPowerShell\
v1.0\powershell.exe -ExecutionPolicy Bypass -file c:\apps\test.ps1

PsExec v2.2 - Execute processes remotely
Copyright (C) 2001-2016 Mark Russinovich
Sysinternals - www.sysinternals.com


The argument 'c:\apps\test.ps1' to the -File parameter does not exist. Provide
the path to an existing '.ps1' file as an argument to the -File parameter.
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

Try the new cross-platform PowerShell https://aka.ms/pscore6

cmd exited on [COMPUTER] with error code -196608.
```

The goal of the script is to traverse domain-connected laptops and save a specific list of directories to a file on my computer. That script is as follows:

```
powershell.exe -command "& {& get-childitem 'c:\users\*\appdata\local\google\chrome\user*data\default\extensions\*'}" > \\[MY_COMPUTER]\C$\users\[USERNAME]\desktop\Chrome_Extensions.txt
```

I am calling this script with this command:

```
psexec \\[COMPUTER] /s cmd /c %SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -file c:\apps\test.ps1
```

When I run the script without `psexec \\[COMPUTER] /s`, it runs fine and saves the correct information about the computer I'm running it on, then sends the information to my computer's desktop. But running it with the aforementioned line causes the error above, and I can't target machines on the network. So, what about the PSExec command causes this to error out, as it doesn't seem like there's really a lot to it? Perhaps I'm misunderstanding, and assuming that PSExec should run the same as PowerShell, which very well might not be the case. I guess I'm just a little lost on how to use it, and any assistance would be greatly appreciated! Thank you!

Aideux
  • It seems to me that the file `c:\apps\test.ps1` doesn't exist on the remote machine. How big is the file? If it's less than ~ 4KB you could encode it as utf16-le base64 and then pass the entire contents to `-EncodedCommand`. See `powershell.exe /help` and they show how to do it in the last example. – briantist Oct 09 '20 at 18:45
  • @briantist Ah, it's possible that I thought that `c:\apps\test.ps1` referred to a file on the computer I'm running the script on, not the target computer. I don't really have a reliable way to put that script on everyone's computers. Is it possible to use the `-c` switch for this? If so, how will the syntax of these scripts change? Thank you for your help! – Aideux Oct 09 '20 at 19:02
  • It's possible to use `-c` but if you do that you need to format the script to be on a single line, and you'll have to escape the contents to work properly on the command line. That's why I recommended using `-EncodedCommand`, as you would avoid all that messiness. You can keep the script local, and just encode its contents. But there will be a limit to how big of a script you can pass that way. – briantist Oct 09 '20 at 19:40
  • You might also consider using PowerShell remoting if it's available on the target machines instead of `psexec`. To do that, run PowerShell locally and see if you can connect: `Enter-PSSession -ComputerName `. If that works, then you can also use `Invoke-Command -ComputerName -FilePath – briantist Oct 09 '20 at 19:43

1 Answer

With help from @Briantist, I've been able to run the command `Enable-PSRemoting` on the target computer, then run the script with `invoke-command -computername [COMPUTER] -filepath c:\apps\test.ps1`

Using PSExec was just too messy, so I'm glad this was able to work another way. Now to figure out how to enable remoting on all computers on the domain without connecting to all of them individually and doing it manually...

Aidan
  • Glad that worked! As for how to enable it across the domain, this article may be 8 (!!!) years old but it should still be applicable: https://www.briantist.com/how-to/powershell-remoting-group-policy/ – briantist Oct 17 '20 at 14:13
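
The remoting approach from the answer, extended to several machines at once, as an added example that is not part of the original thread. It uses `-ScriptBlock` in place of `-FilePath` so the block is self-contained; the computer names and the output path are placeholders, and it assumes remoting is already enabled on the targets.

```powershell
# Added example: inventory Chrome extension folders over PowerShell remoting.
# Assumptions (not from the thread): computer names, output path, and that
# Enable-PSRemoting has already been run on every target.
$computers = 'LAPTOP-01', 'LAPTOP-02'    # placeholder names
$outFile   = "$env:USERPROFILE\Desktop\Chrome_Extensions.csv"

# Runs on each target. It returns objects to the caller, so the output file
# is written on the calling machine and nothing is pushed to an admin share.
$inventory = {
    $pattern = 'C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\*'
    Get-ChildItem -Path $pattern -Directory -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                User          = $_.FullName.Split('\')[2]   # C:\Users\<name>\...
                ExtensionId   = $_.Name
                LastWriteTime = $_.LastWriteTime
            }
        }
}

# Targets that cannot be reached are collected in $failed instead of
# stopping the whole run.
$results = Invoke-Command -ComputerName $computers -ScriptBlock $inventory `
    -ErrorAction SilentlyContinue -ErrorVariable failed

# PSComputerName is added by remoting to every object that comes back.
$results |
    Select-Object PSComputerName, User, ExtensionId, LastWriteTime |
    Sort-Object PSComputerName, User, ExtensionId |
    Export-Csv -Path $outFile -NoTypeInformation

foreach ($err in $failed) {
    Write-Warning "$($err.TargetObject): $($err.Exception.Message)"
}
```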