I'm running a vbscript remotely via the Win32_Process.Create() method.
The vbscript that executes needs to connect to a network share and do
some things.
It's giving the following errors:
- The File System Object's FolderExists method returns false.
- If I attempt to GetFolder, it errors out with "Path Not Found"
If I run the exact same script on that remote machine via the console
(not remotely), it can see the shares just fine.
I know the Create method cannot run interactively, but that shouldn't
prevent the script from being able to see a network share...
I've also tried remotely executing an executable that has the vbscript
embedded in it and runs it, and the script fails the same way.
Help please!!
TIA,
-Tim
> I'm running a vbscript remotely via the Win32_Process.Create() method.
> The vbscript that executes needs to connect to a network share and do
> some things.
>
> It's giving the following errors:
> - The File System Object's FolderExists method returns false.
> - If I attempt to GetFolder, it errors out with "Path Not Found"
>
> If I run the exact same script on that remote machine via the console
> (not remotely), it can see the shares just fine.
>
> I know the Create method cannot run interactively, but that shouldn't
> prevent the script from being able to see a network share...
Hi
Your remote WMI process does not have access to any network resources
when using NTLM authentication, which is the default.
When you use NTLM authentication, after the impersonation, the process/thread
can only access local resources.
If you are using Active Directory and you use Kerberos authentication
instead on NTLM for the WMI connection, and the user and the remote
computer is granted Delegate impersonation level rights, you should
be able to access network resources.
<quote>
Connecting to a 3rd Computer-Delegation
When you run a script on Computer A that obtains data from Computer B, WMI is
supplying your credentials to the provider of the data on Computer B. This
requires only an impersonation level of Impersonate because only one network
hop is required. However, if the script connects to WMI on Computer B and
attempts to open a log file on Computer C, then the script fails unless the
impersonation level is Delegate. Delegate impersonation level is required by
any operation that involves more than one network hop.
</quote>
More here (with pictures):
Connecting to a 3rd Computer-Delegation
http://msdn.microsoft.com/library/en-us/wmisdk/wmi/connecting_to_a_3rd_computer-delegation.asp
I'm not so sure about you need to be in AD native mode or if mixed mode
is good enough to use delegation (you can use Kerberos in a
mixed mode domain as well). http://support.microsoft.com/?kbid=325894 is
mentioning native mode, but http://support.microsoft.com/?kbid=283201 is not.
(more about this issue in the link further below as well)
In order to take advantage of delegation you need to use Active Directory
and you will need to take the following steps:
1. Launch Active Directory Users and Computers for the domain where users and
computer accounts are located.
2. For the user's account, bring up the account Properties dialog box,
click on Account tab and select the "Account is trusted for delegation"
checkbox.
3. For the computer account (the remote computer) on the General tab, select
"Trust this computer for delegation".
4. Ensure that you restart the computer and have the user re-logon to the
domain.
If delegation is not an option for you:
You might get something to work with NullSessionShares (not the most
secure thing I can think of ;-) or you might get something to work with
WSH 5.6 Remote scripting. More on those two methods here (a bit down in
the post) as well as more on the delegation issue:
http://groups.google.com/groups?selm=3E0251D8.74EE73F1%40hydro.com
Some options that might work better:
Take a look at PsExec.exe in the free PsTools suite, found at
http://www.sysinternals.com
Another freeware program with similar merits to PsExec is Beyondexec.
http://www.beyondlogic.org/consulting/remoteprocess/BeyondExec.htm
Beyondexec also have multiple computer functionality.
--
torgeir
Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of the 1328 page
Scripting Guide: http://www.microsoft.com/technet/scriptcenter