0phoi5 Posted November 2, 2015

Hi all,

I'm using PSEXEC to map a drive on a user's machine remotely, amongst running various other CMD commands to amend registry files etc. I am running PSTOOLS on my machine under an admin account, because I cannot use PSTOOLS otherwise.

On running the following script, as an example of one of the CMD commands I am trying to run, it runs it as me (as in, an admin). However, I don't want it to do this, as this doesn't map the drive for the user. I want the script to run the CMD command as the currently logged on user, not as me.

    :MapDrive
    psexec \\%IP% -s -i -c -f -d cmd.exe /s /c "NET USE X: \\GBUS0042\SMSAPPS$ /persistent:yes"
    IF ERRORLEVEL 0 ECHO Success!
    Pause
    endlocal
    GOTO Start

How would I go about this? I have tried calling a batch file instead, but it still runs the batch file as me (admin) on the user's PC, rather than as them.

The idea behind these scripts is to stop me having to remote to every user who simply requires a registry amendment or a drive mapping.

Thank you in advance,
Haze

0phoi5 Posted November 2, 2015

To give further detail/clarification, I am able to run the following successfully;

    :ConfirmedGPUpdate
    psexec \\%AssetTag% -s -i -d -c -f cmd.exe /c gpupdate /target:user /force /boot
    Pause
    endlocal
    GOTO Start

This is because '/target:user' in the GPUpdate runs the command for all users of the PC I am sending it to, so although it runs the command as me (admin), it still runs a GPUpdate for the logged on user as well.

I want to do the same for other commands, not just GPUpdate.

Thanks.

cooper Posted November 3, 2015

Can you use runas?

0phoi5 Posted November 3, 2015

> Can you use runas?

Hi Cooper,

I believe this would then prompt me for the user's password, which I wouldn't have access to.

I was holding out hope that an admin could run PSEXEC cmd.exe as a local user, but it seems I can only do it as myself, which is silly really. Makes PSEXEC only half as useful.

cooper Posted November 3, 2015

In UNIX that's the normal way but in Windows an Admin can admin a box but not access your personal profile in that way. It sort of makes sense though I can understand how this would be very annoying.

A co-worker of mine who's better versed with Windows scripting dug up these:

http://www.softtreetech.com/24x7/archive/53.htm
http://www.commandline.co.uk/sanur/
http://www.robotronic.de/runasroben.html

(Edited November 3, 2015 by cooper)

0phoi5 Posted November 3, 2015

Thanks Cooper :)

I've had a dig around the interwebs and I think - although not yet tested to confirm - that I can use PSTOOLS PSGETSID to pull the user's SID and then use REG ADD and the full path to registry keys (including said user SID) to amend the user's registry. This should hopefully change the keys for the user and not me, as it's pointing to their own personal keys via their SID (HKU in regedit).

I can then use this method to amend the keys for mapping drives and many other useful things. I think. I'll have to let you know!

A quick question to help me try this out... How do I pull the output of a CMD command to a new variable? For example; PSGETSID \\A1234 USERNAME gives the output "123456789". How do I get "123456789" to assign to the variable %usersid%?

I'm having too much fun here.

Cheers

(Edited November 3, 2015 by haze1434)

0phoi5 Posted November 3, 2015

OK, so far I have;

    :AmendRegKey
    setlocal
    set /p IPAddress=Please Type The User's IP:%=%
    set /p Username=And The User's UserID:%=%
    cls
    FOR /F "tokens=*" %a IN ('psgetid \\%IPAddress% %Username%') DO set /p USERSID=%a
    TIMEOUT 1 /nobreak
    psexec \\%IPAddress% -s -i reg add "HKU\%USERSID%\Path\To\Key" /v Keyname /t REG_SZ /d Z:\ /f
    Pause
    endlocal
    GOTO Start

However, on running this in PSTOOLS I get an error stating "IPAddressUsernamea was unexpected at this time".

(Edited November 3, 2015 by haze1434)

cooper Posted November 3, 2015

In the 'set' command at the end of your FOR loop, what's "%a" supposed to do?

It seems the interpreter is taking 2 %-chars and assumes whatever's between them, including spaces and what not, to be a variable, causing IPAddress and Username to get appended with the trailing 'a' on that line added to the end.

0phoi5 Posted November 3, 2015

Ah, OK. I'll have to have a play tomorrow and see what happens.

Would it be best to simply remove the a and leave the % on its own? So like this?;

    FOR /F "tokens=*" % IN ('psgetid \\%IPAddress% %Username%') DO set /p USERSID=%

Essentially this line is supposed to use PSGETID from PSTools and assign the result to the variable USERSID.

cooper Posted November 4, 2015

This would probably make the interpreter read it like this:

    FOR /F "tokens=*" <INSERT_VARIABLE_HERE_WITH_NAME("IN ('psgetid \\%")>IPAddress<INSERT_VARIABLE_HERE_WITH_NAME(" ")>Username<INSERT_VARIABLE_HERE_WITH_NAME("') DO set /p USERSID=")>

Since that INSERT_VARIABLE_HERE stuff is going to be an empty string because no variable by that name exists, you end up with the following command:

    FOR /F "tokens=*" IPAddressUsername

And that's probably not what you want. See here for a write-up on the FOR command.

I'm thinking your command should look like this:

    FOR /F "tokens=*" %%a IN ('psgetid \\%IPAddress% %Username%') DO set /p USERSID=%%a

(Edited November 4, 2015 by cooper)

0phoi5 Posted November 4, 2015

Thank you. I believe this has gotten me further along, however, annoyingly, I am still coming across an error.

My code currently is;

    :ShellKeys
    setlocal
    cls
    echo.
    set /p AssetTag=Shell Folder Registry Keys - Please Type The User's Asset Tag:%=%
    cls
    echo.
    set /p Username=Shell Folder Registry Keys - And The User's UserID:%=%
    cls
    FOR /F "tokens=*" %%a IN ('psgetsid \\%AssetTag% %Username%') DO set /p USERSID=%%a
    TIMEOUT 1 /nobreak
    psexec \\%AssetTag% -s -i reg add "HKU\%USERSID%\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v Personal /t REG_SZ /d Z:\ /f
    Pause
    endlocal
    GOTO Start

However, this results in CMD prompt stating;

    SID for [SERVERNAME] / [%USERNAME%] : [SID successfully shows here]
    Waiting for 0 seconds . . .
    reg exited on [%AssetTag%] with error code 1.
    Press any key to continue . . .

I can see that the SID is being successfully pulled, as I can ECHO it and it shows on-screen as per the above, however the REG command doesn't seem to be working. I have been unable to pinpoint why.

I will get this to work, if it's the last thing I do!

Thanks

cooper Posted November 5, 2015

If you place the word 'echo' as the very first word on that line, so even before psexec, do you see the correct command with the appropriate substitutions in place?

If you run that command as-is on your target machine does reg.exe succeed? Because I get the impression it might be something related to rights but reg.exe has effectively *ZERO* error handling. You get told if it worked or not, but if not... meh, you work it out.

(Edited November 5, 2015 by cooper)

0phoi5 Posted November 5, 2015

> If you place the word 'echo' as the very first word on that line, so even before psexec, do you see the correct command with the appropriate substitutions in place?

Ah, no. The command...

    FOR /F "tokens=*" %%a IN ('psgetsid \\%AssetTag% %Username%') DO set /p USERSID=%%a

...still isn't working. After running this command manually, and then echoing %USERSID%, CMD just literally echoes "%USERSID%", so the variable isn't being set at all. I'm going to try and save the variable USERSID to a text file and see what it does.

The second part works fine. Running...

    psexec \\%AssetTag% -s -i reg add "HKU\[Input SID manually]\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v Personal /t REG_SZ /d Z:\ /f

...manually achieves the registry change with no errors.

(Edited November 5, 2015 by haze1434)

cooper Posted November 6, 2015

You should move the psexec call to where that set is and use %%a instead of USERSID. So this:

    FOR /F "tokens=*" %%a IN ('psgetsid \\%AssetTag% %Username%') DO psexec \\%AssetTag% -s -i reg add "HKU\%%a\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v Personal /t REG_SZ /d Z:\ /f

0phoi5 Posted November 6, 2015

> You should move the psexec call to where that set is and use %%a instead of USERSID. So this:
>
>     FOR /F "tokens=*" %%a IN ('psgetsid \\%AssetTag% %Username%') DO psexec \\%AssetTag% -s -i reg add "HKU\%%a\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v Personal /t REG_SZ /d Z:\ /f

Thanks Cooper. I will need to try this on Monday, as I'm going on a fishing weekend. I will repost then.

Your time is much appreciated, thank you.

0phoi5 Posted November 10, 2015

No luck with that unfortunately, however I found a way to get it to work 'with gaffer tape and chewing gum';

    :AmendRegistryKey
    setlocal
    set /p Hostname=Input the user's PC Hostname : %=%
    set /p Username=Input the user's Logon ID : %=%
    psgetsid \\%Hostname% %Username%
    echo Please type the last few digits of the above SID reference
    set /p UserSID=(the numbers after the last dash):%=%
    cls
    psexec \\%Hostname% -s reg add "HKU\[S-0-0-00-0000000-0000000000-00000000]-%UserSID%\Path\To\Key" /v [Name of key] /t REG_SZ /d [Amendment] /f
    cls
    IF ERRORLEVEL 0 ECHO Error 0 means the command completed successfully!
    IF ERRORLEVEL 1 ECHO Any other error could mean a few things - An incorrect user logon name was entered, access to the remote PC was denied or the registry key was not found.
    Pause
    endlocal
    GOTO Start

Not a perfect script, as it requires one more bit of input by the user, but it works and it only added a few seconds to the input, so meh, it does what I need!

*edit* For those that read this in the future - This can also be used to map drives, as per my original post up top. Just amend the registry keys that point to the user's drives. Just amend the line...

    psexec \\%Hostname% -s reg add "HKU\[S-0-0-00-0000000-0000000000-00000000]-%UserSID%\Path\To\Key" /v [Name of key] /t REG_SZ /d [Amendment] /f

... to point to the path for the mapped drives.

This works for me as the SID for each user in our company remains the same, bar the last 5-6 digits (after the last dash), so I just ask the user to input these digits. It may be different for you. Check a few users' SIDs and note how much is the same for each user, then amend the '[S-0-0-00-0000000-0000000000-00000000]-%UserSID%' for your use.

Thanks for your help.

(Edited November 10, 2015 by haze1434)

cooper Posted November 10, 2015

Still curious what was wrong with the previous line of script I posted. Could you still try with an echo before the psexec and see what it says?

0phoi5 Posted November 10, 2015

> Still curious what was wrong with the previous line of script I posted. Could you still try with an echo before the psexec and see what it says?

Ah, it worked! I tested it on a colleague and success!

Apologies, the reason I didn't think it worked before was because it actually throws up an error code 1 after doing the 'psgetsid \\%AssetTag% %Username%' bit, but the script actually continues on and completes successfully.

In the end then, this was the full set of commands;

    :Test
    setlocal
    cls
    echo.
    set /p AssetTag=Test Script - Please Type The User's Asset Tag:%=%
    cls
    echo.
    set /p Username=Test Script - And The User's UserID:%=%
    cls
    FOR /F "tokens=*" %%a IN ('psgetsid \\%AssetTag% %Username%') DO psexec \\%AssetTag% -s -i reg add "HKU\%%a\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v Personal /t REG_SZ /d Z:\ /f
    Pause
    endlocal
    GOTO Start

Much better than the bodge I threw together! Thank you loads Cooper, you've been excellent.

0phoi5 Posted November 10, 2015

Darn it!! Nope, still not working. False resolved, turns out the guy's key was already amended before I ran my script.

I can see the issue, though. The actual output / script run from...

    FOR /F "tokens=*" %%a IN ('psgetsid \\%AssetTag% %Username%') DO psexec \\%AssetTag% -s -i reg add "HKU\%%a\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v Personal /t REG_SZ /d Z:\ /f

...is...

    reg add "HKU\SID for WL_DOM1\willhay:\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v Personal /t REG_SZ /d Z:\ /f

This doesn't work, as it's picking up the output of USERSID as "SID for WL_DOM1\willhay:"

This is down to the command PSGETSID having the following output (when run on its own for the same user 'WILLHAY')...

    SID for WL_DOM1\willhay:
    S-0-0-00-000000000-0000000000-00000000-00000

Unfortunately it's picking up the first line of the output instead of the second. Argh!

*EDIT* I found this...

http://stackoverflow.com/questions/18083366/getting-second-line-of-text-set-as-a-variable-using-for-in-batch

... But have yet to try it properly, as I finish work shortly. I will update again tomorrow.

(Edited November 10, 2015 by haze1434)

0phoi5 Posted November 10, 2015

BINGO! The finished product...

    FOR /F "tokens=1* skip=1" %%a IN ('psgetsid \\%AssetTag% %Username%') DO psexec \\%AssetTag% -s reg add "HKU\%%a\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v Personal /t REG_SZ /d M:\ /f

cooper Posted November 11, 2015

Nice!

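Added example, not written by either poster in this thread: the two-line psgetsid output parsed into a variable with `skip=1`, then checked against the expected SID shape before it is placed in an `HKU\...` path. The domain, user name, SID and `HOST` are constructed placeholders, and a temp file stands in for the live psgetsid call so the script runs offline.

```batch
@echo off
setlocal EnableExtensions
rem CONSTRUCTED sample of the two-line psgetsid output shown in the thread.
set "SAMPLE=%TEMP%\psgetsid_sample.txt"
> "%SAMPLE%" echo SID for EXAMPLEDOM\jdoe:
>>"%SAMPLE%" echo S-1-5-21-1111111111-2222222222-3333333333-1001

set "USERSID="
rem skip=1 drops the banner line; tokens=1 keeps the first word of the next line.
rem Plain SET stores the value. SET /P would wait for keyboard input instead.
for /f "usebackq skip=1 tokens=1" %%a in ("%SAMPLE%") do if not defined USERSID set "USERSID=%%a"
del "%SAMPLE%"

if not defined USERSID (
    echo No SID found in the output.
    exit /b 1
)

rem Accept only an account SID before it is used in a registry path.
echo %USERSID%| findstr /r /x "S-1-5-21-[0-9][0-9]*-[0-9][0-9]*-[0-9][0-9]*-[0-9][0-9]*" >nul
rem IF ERRORLEVEL n is true for any exit code of n or higher, so test 1, not 0.
if errorlevel 1 (
    echo Unexpected SID format: %USERSID%
    exit /b 1
)

echo Parsed SID: %USERSID%
rem Dry run: print the command for review, as suggested earlier in the thread.
rem The HKU key for a SID exists only while that user's profile hive is loaded.
echo psexec \\HOST -s reg add "HKU\%USERSID%\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v Personal /t REG_SZ /d M:\ /f
endlocal
```

To use it against a real machine, replace the temp-file section with `for /f "skip=1 tokens=1" %%a in ('psgetsid \\%AssetTag% %Username%') do ...` and remove the leading `echo` from the last command once the printed line looks right.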