Re: How to redirect output of shell command using WMI

From: Al Dunbar [MS-MVP] (alan-no-drub-spam_at_hotmail.com)
Date: 04/28/04

Next message: Jeff Cochran: "Re: Change DNS on NT 4.0"
Previous message: Tom: "Re: Changing user logon names via script"
In reply to: Jagdish S. Khedekar: "How to redirect output of shell command using WMI"
Next in thread: Jagdish S. Khedekar: "Re: How to redirect output of shell command using WMI"
Reply: Jagdish S. Khedekar: "Re: How to redirect output of shell command using WMI"
Messages sorted by: [ date ] [ thread ]

Date: Wed, 28 Apr 2004 12:44:59 -0600

"Jagdish S. Khedekar" <jagdish@jopasana.com> wrote in message
news:eowrTtTLEHA.2400@tk2msftngp13.phx.gbl...
> Hi Group,
>
> I want to redirect the output of command executed on remote machine.
> When I redirect the output on the share on same remote machine, its
working
> with the code given below.
> But its not working for the share on my machine.
> It should not be security credentials problem, becuase I am 'local admin'
on
> the remote machine.
>
> Please help me out in this problem.

I am not positive on this, and have not tried this kind of thing just yet,
but I suspect that it may be a permissions/credentials problem.

When you use "{impersonationLevel=impersonate}!", I do not believe that a
process actually runs on the remote system under your credentials. Rather, I
think that whatever service is running on the remote machine runs under the
context of the local admin account, which, by definition, has no privs
outside of that one machine. It uses your credentials only to determine if
your account has the permissions required to run WMI script on its local
machine from a remote machine.

However things work under the hood, I suspect that this restriction is
either by design for security purposes, or that it is impossible to do
otherwise. Note that it is one thing for your local wmi script to tell the
remote computer who you are, but quite another to enable it to access
resources that it has no access to, without passing more than just some kind
of token of your identity. Note that this is how NTFS security works: the
file system can provide access to NTFS folders and files based on your group
membership without its having to know your password.

You could try using runas explicitly in your script, however, this would
open up a number of potential security issues that could be difficult to get
a good handle on.

Conversely, you could revert back to the version that writes the output to a
file on the target computer, and later run a script to pull this file back
to your computer.

Perhaps even simpler would be to run a script like this on your computer:

    @echo off
    set remotecomputer=%1
    set remotepath=D$\oracle\ora92\bin"
>C:\remotedirs\%1.txt dir \\%remotecomputer%\%remotepath%

and then type commands such as:

remlist jupiter
remlist saturn

or put this in a batch file with the list of computer names in another:

@echo off
for /f %%F in (complist.txt) do call remlist %%F

/Al

> Thanks and best regards,
> Jagdish.
>
> Code Snippet :
> --------------------------------------------------------------------------

--
> --------------------------------
> strCompleteCommand = "cmd.exe /c " & """" & "dir" & " > " &
> "\\compname\sharename\out.txt" & """"
>
> Set objProcess = GetObject("winmgmts:" _
>         & "{impersonationLevel=impersonate}!\\" & RemoteComputer &
> "\root\cimv2:Win32_Process")
>
> Set objWMIService = GetObject("winmgmts:" _
>     & "{impersonationLevel=impersonate}!\\" & StrComputer & "\root\cimv2")
>
> Set objStartup = objWMIService.Get("Win32_ProcessStartup")
>
> Set objConfig = objStartup.SpawnInstance objConfig.ShowWindow =
> HIDDEN_WINDOW
>
> intError = objProcess.Create(strCompleteCommand, "D:\oracle\ora92\bin",
> objConfig, intProcessId)
> --------------------------------------------------------------------------
--
> --------------------------------
>
>

Next message: Jeff Cochran: "Re: Change DNS on NT 4.0"
Previous message: Tom: "Re: Changing user logon names via script"
In reply to: Jagdish S. Khedekar: "How to redirect output of shell command using WMI"
Next in thread: Jagdish S. Khedekar: "Re: How to redirect output of shell command using WMI"
Reply: Jagdish S. Khedekar: "Re: How to redirect output of shell command using WMI"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: How to redirect output of shell command using WMI
... But this the script given will not work for me, ... But I can very well use the share on my machine from the remote machine. ... Note that it is one thing for your local wmi script to tell the ... Note that this is how NTFS security works: ...
(microsoft.public.windows.server.scripting)
Re: yet another question on file names with spaces?
... > I agree, the echo is redudant. ... > know what they are before the script runs - see below. ... > finding whether they are also on the remote machine. ... > images and pdfs which I only want to transfer once. ...
(comp.unix.shell)
Re: Remove programs with a script?
... While I execute this I get error: ... The script passed to CreateScript must be a WSH hosted script ... The remote machine needs to have WshRemote enabled: ... WshRemote instances do not run in the context of the visible, ...
(microsoft.public.scripting.wsh)
Re: Remove programs with a script?
... While I execute this I get error: ... The script passed to CreateScript must be a WSH hosted script ... The remote machine needs to have WshRemote enabled: ... WshRemote instances should never attempt to produce any visible ...
(microsoft.public.scripting.wsh)
Re: Problem with WMI.
... I am running a script to get the logged on user on a remote machine ... administrator is logged on to remote machine. ... For Each objComputer in colComputer ... computername as an argument. ...
(microsoft.public.scripting.vbscript)