Today I have the same issue and I cannot find a solution; I searched the web and read a ton of articles, but without success. My problem is with running a PowerShell script on a remote machine. If I run this script locally, it works, but remotely it does not.
This is my full story.
Server: Windows 2008 R2 with SP1 + latest updates
FW – Off
UAC – ON:
- User Account Control: Use Admin Approval Mode for the built-in Administrator account – Disable
- User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop. – Disable
- User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode – Elevate without prompting
- User Account Control: Detect application installations and prompt for elevation – Disable

Domain: hardening.com
Hostname: qwerty12345
Version of PowerShell installed:

    PS C:\Windows\system32> $PSVersionTable

    Name                           Value
    ----                           -----
    CLRVersion                     2.0.50727.5420
    BuildVersion                   6.1.7601.17514
    PSVersion                      2.0
    WSManStackVersion              2.0
    PSCompatibleVersions           {1.0, 2.0}
    SerializationVersion           1.1.0.1
    PSRemotingProtocolVersion      2.1

Client: Windows 2008 R2 + latest updates
FW – Off
UAC – ON:
- User Account Control: Use Admin Approval Mode for the built-in Administrator account – Disable
- User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop. – Disable
- User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode – Elevate without prompting
- User Account Control: Detect application installations and prompt for elevation – Disable

Domain: systemqa.com
Version of PowerShell installed:

    PS C:\> $PSVersionTable

    Name                           Value
    ----                           -----
    CLRVersion                     2.0.50727.4952
    BuildVersion                   6.1.7600.16385
    PSVersion                      2.0
    WSManStackVersion              2.0
    PSCompatibleVersions           {1.0, 2.0}
    SerializationVersion           1.1.0.1
    PSRemotingProtocolVersion      2.1

- PowerCLI is also installed on the Client

1. On the Server, I have the file "C:\Windows\Temp\ConfigurationWinRM.ps1" with the following content:

    winrm set winrm/config/client `@`{TrustedHosts=`"`*`"`}
    winrm set winrm/config/winrs '@{MaxShellsPerUser="100"}'

2. My mission is to run this script on the remote “Server” machine.

3. I run the following scripts from the “Client” machine but always get the same errors: Message = Access is denied. Error number: -2147024891 0x80070005

a. Example 1:

    $domainCrd = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "$domainUser@$domainNameFQDN",$domainPASS
    $ComputerName = "qwerty12345.hardening.com"
    invoke-command -ComputerName $ComputerName -Credential $domainCrd -ScriptBlock {
        $FileName = "ConfigurationWinRM.ps1"
        $ItemLocation = "C:\Windows\Temp\"
        powershell -NoProfile -Command ". $ItemLocation$FileName"
    }

b. Example 2:

    $ComputerName = "qwerty12345.hardening.com"
    $securePassword = ConvertTo-SecureString "**********" -AsPlainText -force
    $credential = New-Object System.Management.Automation.PsCredential("$domainName\$domainUser",$securePassword)
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        $FileName = "ConfigurationWinRM.ps1"
        $ItemLocation = "C:\Windows\Temp\"
        powershell -Command ". $ItemLocation$FileName"
    } -Credential $credential

c. Example 3:

    [ScriptBlock] $global:runFile = {
        $FileName = "ConfigurationWinRM.ps1"
        ### $ItemLocation = "C:\Windows\Temp\"
        $ItemLocation = "$env:windir\Temp\"
        & "$ItemLocation$FileName"
    }
    RemotePowerShellConnect domain $runFile

Output:

    WSManFault
        + CategoryInfo          : NotSpecified: (WSManFault:String) [], RemoteException
        + FullyQualifiedErrorId : NativeCommandError

    Message = Access is denied.
    Error number: -2147024891 0x80070005
    Access is denied.
    WSManFault
    Message = Access is denied.
    Error number: -2147024891 0x80070005
    Access is denied.

    [vSphere PowerCLI] C:\> $error[0] | Format-List * -Force

    PSMessageDetails      :
    OriginInfo            : qwerty12345.hardening.com
    Exception             : System.Management.Automation.RemoteException: Error number: -2147024891 0x80070005 Access is denied.
    TargetObject          :
    CategoryInfo          : NotSpecified: (:) [], RemoteException
    FullyQualifiedErrorId : NativeCommandErrorMessage
    ErrorDetails          :
    InvocationInfo        :
    PipelineIterationInfo : {}

d. Example 4:

    [vSphere PowerCLI] C:\> [ScriptBlock] $global:www = {
        $FileName = "ConfigurationWinRM.ps1"
        $ItemLocation = "C:\Windows\Temp\"
        function Invoke-Admin() {
            param (
                [string]$program = $(throw "Please specify a program" ),
                [string]$argumentString = "",
                [switch]$waitForExit
            )
            $psi = new-object "Diagnostics.ProcessStartInfo"
            $psi.FileName = $program
            $psi.Arguments = $argumentString
            $psi.Verb = "runas"
            $proc = [Diagnostics.Process]::Start($psi)
            if ( $waitForExit ) { $proc.WaitForExit(); }
        }
        Write-Host -ForegroundColor Green "Invoke-Admin powershell $ItemLocation$FileName"
        Invoke-Admin powershell $ItemLocation$FileName
    }
    [vSphere PowerCLI] C:\> RemotePowerShellConnect domain $www
    Session state: Opened
    Session availability: Available
    Running
    Service is running ...
    You connect to VM Remote PowerShell ...
    Invoke-Admin powershell C:\Windows\Temp\ConfigurationWinRM.ps1
    [vSphere PowerCLI] C:\>
    [vSphere PowerCLI] C:\>

Nothing happened!!!!! No updates on the remote “Server” machine!!!

e. Example 5:

    .\tmp\psexec -d \\$hostNAME -u $domainName\$domainUser -p $myPASS cmd /C START /WAIT powershell %windir%\Temp\ConfigurationWinRM.ps1

    PsExec v1.98 - Execute processes remotely
    Copyright (C) 2001-2010 Mark Russinovich
    Sysinternals - www.sysinternals.com

    cmd started on qwerty12345 with process ID 3860.
    [vSphere PowerCLI] C:\>

Nothing happened!!!!! No updates on the remote “Server” machine!!!

Am I correct in reading that there is just one script file, only on the local server, and not on any of the remote clients?
If that's the case, then I think you should try this syntax:

    $FileName = "ConfigurationWinRM.ps1"
    $ItemLocation = "C:\Windows\Temp\"
    Invoke-Command -ComputerName $ComputerName -filepath "$ItemLocation$FileName" -cred $credential

I think what's happening when you use the scriptblock syntax is:
- scriptblock defined on local machine, encapsulated as an object
- scriptblock object passed to each remote machine
- scriptblock executed verbatim on the remote machine, therefore it's looking for your script file on the remote machine at c:\windows\temp (it doesn't exist so it's throwing some BS access denied error)
Based on the help info for the filepath parameter, using -filepath will do the following instead:
- read in script file locally, convert contents to a scriptblock object
- scriptblock object passed to each remote machine
- scriptblock executed verbatim on the remote machine, no references to the .ps1 file at all at this point
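
The two cases the answer distinguishes, as an added example that is not part of the original thread: a wrapper that uses -FilePath when the script is on the calling machine and otherwise checks for the file on the target before running it, so a missing file is reported as a missing file. The function name `Invoke-RemoteScriptChecked` and its parameters are hypothetical; only PowerShell 2.0 features are used.

```powershell
# Added example; Invoke-RemoteScriptChecked and its parameter names are hypothetical.
# PowerShell 2.0 compatible (no $using:, no Get-Content -Raw).
function Invoke-RemoteScriptChecked {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][System.Management.Automation.PSCredential]$Credential,
        [Parameter(Mandatory = $true)][string]$ScriptPath,
        # Where the .ps1 lives: on the machine calling Invoke-Command, or on the target
        [ValidateSet('Local', 'Remote')][string]$ScriptLocation = 'Local'
    )

    if ($ScriptLocation -eq 'Local') {
        # -FilePath reads the file on this machine and sends only its contents,
        # so the target never needs a copy of the .ps1.
        if (-not (Test-Path -LiteralPath $ScriptPath -PathType Leaf)) {
            throw "Script not found on the local machine: $ScriptPath"
        }
        return Invoke-Command -ComputerName $ComputerName -Credential $Credential -FilePath $ScriptPath
    }

    # A script block runs on the target, so the path is resolved there.
    # The path travels via -ArgumentList because local variables are not
    # visible inside a remote script block.
    Invoke-Command -ComputerName $ComputerName -Credential $Credential -ArgumentList $ScriptPath -ScriptBlock {
        param($RemotePath)
        if (-not (Test-Path -LiteralPath $RemotePath -PathType Leaf)) {
            throw "Script not found on $env:COMPUTERNAME : $RemotePath"
        }
        & $RemotePath
    }
}

# Constructed usage, with the host name and path taken from the question:
# $cred = Get-Credential
# Invoke-RemoteScriptChecked -ComputerName 'qwerty12345.hardening.com' -Credential $cred `
#     -ScriptPath 'C:\Windows\Temp\ConfigurationWinRM.ps1' -ScriptLocation Remote
```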