I'm executing a process remotely via WMI (Win32_Process Create) but am unable to figure out how I can determine when the process has completed executing. When I first issue the command, there is an exit code (0 for success) but that just tells me the process has been successfully spawned.
Is there a way I can know when the process ends? Thanks!
Faced same issue and wrote a simple VMI wrapper:
var exitStatus = WmiOperations.Run("notepad.exe", wait:10);
Synopsis for Run is:
int Run(string command, // Required
string commandline = null, // (default=none)
string machine = null, // (default=local)
string domain = null, // (default=current user domain)
string username = null, // (default=current user login)
string password = null, // (default=current user password)
SecureString securePassword = null, // (default=current user password)
double wait = double.PositiveInfinity); // (default=wait til command ends);
Source code can be downloaded from here.
Give caesar his due, code is inspired from this one. Simply:
Refactored things to static class
Added more control on remoting parameters
Redesigned event watcher to suppress the unappealing CheckProcess test
Here is an example create on the top of .NET objects but written in Powershell, it's easy to translate it to C#
Clear-Host
# Authentication object
$ConOptions = New-Object System.Management.ConnectionOptions
$ConOptions.Username = "socite\administrateur"
$ConOptions.Password = "adm"
$ConOptions.EnablePrivileges = $true
$ConOptions.Impersonation = "Impersonate"
$ConOptions.Authentication = "Default"
$scope = New-Object System.Management.ManagementScope("\\192.168.183.220\root\cimV2", $ConOptions)
$ObjectGetOptions = New-Object System.Management.ObjectGetOptions($null, [System.TimeSpan]::MaxValue, $true)
# Equivalent to local :
# $proc = [wmiclass]"\\.\ROOT\CIMV2:Win32_Process"
$proc = New-Object System.Management.ManagementClass($scope, "\\192.168.183.220\ROOT\CIMV2:Win32_Process", $ObjectGetOptions)
# Now create the process remotly
$res = $proc.Create("cmd.exe")
# Now create an event to detect remote death
$timespan = New-Object System.TimeSpan(0, 0, 1)
$querryString = "SELECT * From WIN32_ProcessStopTrace WHERE ProcessID=$($res.ProcessID)"
$query = New-Object System.Management.WQLEventQuery ($querryString)
$watcher = New-Object System.Management.ManagementEventWatcher($scope, $query)
$b = $watcher.WaitForNextEvent()
$b
Related
I work on a computer where I have no admin rights and I am unable to set execution policy. I need to turn this powershell code into C#, so I can make binary module, because those are unaffected by execution policy.
$Host.PrivateData.ErrorForegroundColor = 'Red'
$Host.PrivateData.WarningForegroundColor = 'Magenta'
$Host.PrivateData.DebugForegroundColor = 'Black'
$Host.PrivateData.VerboseForegroundColor = 'Blue'
$Host.PrivateData.ProgressForegroundColor = 'White'
$Host.PrivateData.ErrorBackgroundColor = 'DarkYellow'
$Host.PrivateData.WarningBackgroundColor = 'DarkYellow'
$Host.PrivateData.DebugBackgroundColor = 'DarkYellow'
$Host.PrivateData.VerboseBackgroundColor = 'DarkYellow'
$Host.PrivateData.ProgressBackgroundColor = 'DarkBlue'
Set-PSReadlineOption -Colors #{
Command = 'DarkRed';
Comment = 'DarkGray';
ContinuationPrompt = 'DarkCyan';
DefaultToken = 'DarkMagenta';
Emphasis = 'Red';
Error = 'DarkRed';
Keyword = 'DarkGreen';
Member = 'DarkGreen';
Number = 'DarkGreen';
Operator = 'Black';
Parameter = 'DarkCyan';
String = 'DarkBlue';
Type = 'DarkBlue';
Variable = 'DarkGreen';
}
Set-Location C:\
Clear-Host
So I can compile this as .dll with Add-Type cmdlet and use command Load-Colors to execute this module's contents.
Is it possible to make binary profile like Microsoft.PowerShell_profile.dll ?
I have eyesight problems (Astigmatism), I need light colorscheme.
Thank you in advance! Much appreciate it!
You can use either powershell.exe -ExecutionPolicy Bypass or Set-ExecutionPolicy -Scope CurrentUser RemoteSigned -Force to modify the execution policy on a machine you don't have local admin rights on.
Answers from the comments of Mathias R. Jessen & mklement0
I am using .NET with powershell trying to retrieve result of Get-Acl command of specific AD object. Unfortunately when I run the code from C# code I get 0 result. Also the ThrowIfError is not throwing any error.
Command test01 = new Command("import-module");
test01.Parameters.Add("name", "activedirectory");
session.Commands.AddCommand(test01);
Command test0 = new Command("Set-Location");
test0.Parameters.Add("Path", "AD:");
session.Commands.AddCommand(test0);
Command test1 = new Command("Get-Acl");
test1.Parameters.Add("Path", identity);
session.Commands.AddCommand(test1);
session.AddCommand("select-object");
session.AddParameter("Property", "Access");
var tempResults1 = session.Invoke();
ThrowIfError();
private void ThrowIfError()
{
var errors = session.Streams.Error;
if (errors.Count > 0)
{
var ex = errors[0].Exception;
session.Streams.ClearStreams();
// Never close session to dispose already running scripts.
throw ex;
}
}
This code running on server in powershell is working correctly:
PS AD:\> Import-Module -Name activedirectory
PS AD:\> set-location ad:
PS AD:\> get-acl -path <distinguishedNameOfADObject>
Question
How to get the same result like I get from Powershell? I should get atleast something not a zero result.
Little background:
I am trying to get Send-As rights not using Get-ADPermission cmdlet because its taking too long time when I need to search for rights within thousands of mailboxes. Using this article link I am trying another approach to get the rights. I have already the slower version working using C# code:
Command command = new Command("Get-ADPermission");
command.Parameters.Add("Identity", identity);
session.Commands.AddCommand(command);
session.AddCommand("where-object");
ScriptBlock filter = ScriptBlock.Create("$_.ExtendedRights -eq 'send-as'");
session.AddParameter("FilterScript", filter);
session.AddCommand("select-object");
session.AddParameter("Property", "User");
tempResults = session.Invoke();
The better way is to define a powershell-script instead of multiple commands to get the values you need. Example with your powershell-code:
using System.Collections.ObjectModel;
using System.DirectoryServices;
using System.Management.Automation;
namespace GetAclPowershellTest
{
class Program
{
static void Main(string[] args)
{
/****Create Powershell-Environment****/
PowerShell PSI = PowerShell.Create();
/****Insert PowershellScript****/
string Content = "param($object); Import-Module ActiveDirectory; Set-Location AD:; Get-ACL -Path $object"; //Add Scrip
PSI.AddScript(Content);
PSI.AddParameter("object", "<distinguishedNameOfADObject>");
/****Run your Script with PSI.Invoke()***/
Collection<PSObject> PSIResults = PSI.Invoke();
/****All Errors****/
Collection<ErrorRecord> Errors = PSI.Streams.Error.ReadAll();
/****needed, because garbagecollector ignores PSI otherwise****/
PSI.Dispose();
/**** Your ACL-Object ****/
ActiveDirectorySecurity MyACL = (ActiveDirectorySecurity)PSIResults[0].BaseObject;
/*insert your code here*/
}
}
}
This example works for me.
You have to set a reference to the Powershell-Assembly (Usually you can find it at "C:\Program Files (x86)\Reference Assemblies\Microsoft\WindowsPowerShell\3.0\System.Management.Automation.dll")
Benefit of this solution is, you could read a .ps1-File you got from someone, fill the parameters with the objects you have and the script runs like in a standard powershell-session. The only requirement to set parameters is the param-part in the Script.
More Infos about param: https://technet.microsoft.com/en-us/library/jj554301.aspx
Hope, this helps...
Greetings, Ronny
Update:
string Content = "param($object); Import-Module ActiveDirectory; Set-Location AD:; (Get-ACL -Path $object).Access | Where-Object{($_.ActiveDirectoryRights -eq 'ExtendedRight') -and ($_.objectType -eq 'ab721a54-1e2f-11d0-9819-00aa0040529b')}";
And the loop at the end looks like this now:
foreach (PSObject o in PSIResults)
{
ActiveDirectoryAccessRule AccessRule = (ActiveDirectoryAccessRule)o.BaseObject;
/**do something with the AccessRule here**/
}
I want to run a powershell block that save last patched date to a user environment variable, but I tried both cmd.exe and powersehll.exe, only saw the processes in task manager of the guest os, but nothing appears in the environment variable.
here is the my code:
var userName = "name";
var password = "password";
var programPath = "C:\\Windows\\System32\\cmd.exe";
//var programPath = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe";
var arguments = "-command \"powershell \"[Environment]::SetEnvironmentVariable('LastPathedDate', ((Get - HotFix | sort installedon)[-1]).InstalledOn, 'User')\"\"";
//var arguments = "-command \"[Environment]::SetEnvironmentVariable('LastPathedDate', ((Get - HotFix | sort installedon)[-1]).InstalledOn, 'User')\"";
RunProgramInGuest(vm, userName, password, programPath, arguments);
private void RunProgramInGuest(VirtualMachine vm, string username, string password, string programPath, string arguments)
{
var auth = new NamePasswordAuthentication()
{
Username = username,
Password = password,
//InteractiveSession = true
};
var moRef = new ManagedObjectReference("guestOperationsProcessManager");
GuestProgramSpec spec = new GuestProgramSpec()
{
ProgramPath = programPath,
Arguments = arguments
};
var guestProcessManager = new GuestProcessManager(vCenter, moRef);
var pid = guestProcessManager.StartProgramInGuest(vm.MoRef, auth, spec);
var result = guestProcessManager.ReadEnvironmentVariableInGuest(vm.MoRef, auth, new string[] { "LastPatchedDate", "TEMP" });
guestProcessManager.TerminateProcessInGuest(vm.MoRef, auth, pid);
}
not sure where the problem is, or there is another way to get execute some script block and get the value?
Finally, I make it run.
The cmd.exe cannot execute the script, but he powershell.exe could.
the arguments which works is :
var arguments = "invoke-command -scriptblock {[Environment]::SetEnvironmentVariable('LastPatchedDate', (((Get-HotFix | sort installedon)[-1]).InstalledOn), 'User')}";
another finding is, when you use cmd.exe, you may need to terminate the process according to your parameter. but the powershell.exe has no need to do this.
guestProcessManager.TerminateProcessInGuest(vm.MoRef, auth, pid);
I have the following sample Powershell script that is embedded in my C# application.
Powershell Code
$MeasureProps = "AssociatedItemCount", "ItemCount", "TotalItemSize"
$Databases = Get-MailboxDatabase -Status
foreach($Database in $Databases) {
$AllMBStats = Get-MailboxStatistics -Database $Database.Name
$MBItemAssocCount = $AllMBStats | %{$_.AssociatedItemCount.value} | Measure-Object -Average -Sum
$MBItemCount = $AllMBStats | %{$_.ItemCount.value} | Measure-Object -Average -Sum
New-Object PSObject -Property #{
Server = $Database.Server.Name
DatabaseName = $Database.Name
ItemCount = $MBItemCount.Sum
}
}
Visual Studio offers me the following embedding options:
Every PowerShell sample I've seen (MSDN on Exchange, and MSFT Dev Center) required me to chop up the Powershell command into "bits" and send it through a parser.
I don't want to leave lots of PS1 files with my application, I need to have a single binary with no other "supporting" PS1 file.
How can I make it so myapp.exe is the only thing that my customer sees?
Many customers are averse to moving away from a restricted execution policy because they don't really understand it. It's not a security boundary - it's just an extra hoop to jump through so you don't shoot yourself in the foot. If you want to run ps1 scripts in your own application, simply use your own runspace and use the base authorization manager which pays no heed to system execution policy:
InitialSessionState initial = InitialSessionState.CreateDefault();
// Replace PSAuthorizationManager with a null manager which ignores execution policy
initial.AuthorizationManager = new
System.Management.Automation.AuthorizationManager("MyShellId");
// Extract psm1 from resource, save locally
// ...
// load my extracted module with my commands
initial.ImportPSModule(new[] { <path_to_psm1> });
// open runspace
Runspace runspace = RunspaceFactory.CreateRunspace(initial);
runspace.Open();
RunspaceInvoke invoker = new RunspaceInvoke(runspace);
// execute a command from my module
Collection<PSObject> results = invoker.Invoke("my-command");
// or run a ps1 script
Collection<PSObject> results = invoker.Invoke("c:\temp\extracted\my.ps1");
By using a null authorization manager, execution policy is completed ignored. Remember - this is not some "hack" because execution policy is something for protecting users against themselves. It's not for protecting against malicious third parties.
http://www.nivot.org/nivot2/post/2012/02/10/Bypassing-Restricted-Execution-Policy-in-Code-or-in-Script.aspx
First of all you should try removing your customer's aversion To scripts. Read up about script signing, execution policy etc.
Having said that, you can have the script as a multiline string in C# code itself and execute it.Since you have only one simple script, this is the easiest approach.
You can use the AddScript ,ethos which takes the script as a string ( not script path)
http://msdn.microsoft.com/en-us/library/dd182436(v=vs.85).aspx
You can embed it as a resource and retrieve it via reflection at runtime. Here's a link from MSDN. The article is retrieving embedded images, but the principle is the same.
You sort of hovered the answer out yourself. By adding it as content, you can get access to it at runtime (see Application.GetResourceStream). Then you can either store that as a temp file and execute, or figure out a way to invoke powershell without the use of files.
Store your POSH scripts as embedded resources then run them as needed using something like the code from this MSDN thread:
public static Collection<PSObject> RunScript(string strScript)
{
HttpContext.Current.Session["ScriptError"] = "";
System.Uri serverUri = new Uri(String.Format("http://exchangsserver.contoso.com/powershell?serializationLevel=Full"));
RunspaceConfiguration rc = RunspaceConfiguration.Create();
WSManConnectionInfo wsManInfo = new WSManConnectionInfo(serverUri, SHELL_URI, (PSCredential)null);
using (Runspace runSpace = RunspaceFactory.CreateRunspace(wsManInfo))
{
runSpace.Open();
RunspaceInvoke scriptInvoker = new RunspaceInvoke(runspace);
scriptInvoker.Invoke("Set-ExecutionPolicy Unrestricted");
PowerShell posh = PowerShell.Create();
posh.Runspace = runSpace;
posh.AddScript(strScript);
Collection<PSObject> results = posh.Invoke();
if (posh.Streams.Error.Count > 0)
{
bool blTesting = false;
string strType = HttpContext.Current.Session["Type"].ToString();
ErrorRecord err = posh.Streams.Error[0];
if (err.CategoryInfo.Reason == "ManagementObjectNotFoundException")
{
HttpContext.Current.Session["ScriptError"] = "Management Object Not Found Exception Error " + err + " running command " + strScript;
runSpace.Close();
return null;
}
else if (err.Exception.Message.ToString().ToLower().Contains("is of type usermailbox.") && (strType.ToLower() == "mailbox"))
{
HttpContext.Current.Session["ScriptError"] = "Mailbox already exists.";
runSpace.Close();
return null;
}
else
{
HttpContext.Current.Session["ScriptError"] = "Error " + err + "<br />Running command " + strScript;
fnWriteLog(HttpContext.Current.Session["ScriptError"].ToString(), "error", strType, blTesting);
runSpace.Close();
return null;
}
}
runSpace.Close();
runSpace.Dispose();
posh.Dispose();
posh = null;
rc = null;
if (results.Count != 0)
{
return results;
}
else
{
return null;
}
}
}
The customer just can't see the PowerShell script in what you deploy, right? You can do whatever you want at runtime. So write it to a temporary directory--even try a named pipe, if you want to get fancy and avoid files--and simply start the PowerShell process on that.
You could even try piping it directly to stdin. That's probably what I'd try first, actually. Then you don't have any record of it being anywhere on the computer. The Process class is versatile enough to do stuff like that without touching the Windows API directly.
I am trying to create a Windows Application that will be able to run a variety of Powershell scripts.
I have a script which works as it should (when run from the Powershell prompt), and my Windows Application seems to execute it like it should, but it is unable to find the methods on my OU.
When I execute the script from the Windows Application, I get these messages out:
ERROR: The following exception occurred while retrieving member "Create": "There
is no such object on the server.
"
ERROR: The following exception occurred while retrieving member "Delete": "There
is no such object on the server."
Powershell script:
function New-AdUser {
param (
[string] $Username = $(throw "Parameter -Username [System.String] is required."),
[string] $Password = $(throw "Parameter -Password [System.String] is required."),
[string] $OrganizationalUnit = "Users",
[string] $DisplayName,
[string] $FirstName,
[string] $LastName,
[string] $Initials,
[string] $MobilePhone,
[string] $Description,
[switch] $CannotChangePassword,
[switch] $PasswordNeverExpires,
[switch] $Disabled
)
try {
$currentDomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$dn = $currentDomain.GetDirectoryEntry().distinguishedName
$ou = [ADSI] "LDAP://CN=$OrganizationalUnit,$dn"
$userAccount = $ou.Create("user", "cn=$Username")
$userAccount.SetInfo()
$userAccount.userAccountControl = ($userAccount.userAccountControl.Item(0) -bxor 0x0002) #Enable the account
$userAccount.SetInfo()
$userAccount.sAMAccountName = $Username
$userAccount.SetInfo()
$userAccount.userPrincipalName = ("{0}#{1}" -f $Username, $currentDomain.Name)
if ($DisplayName) {
$userAccount.displayName = $DisplayName
}
if ($Description) {
$userAccount.description = $Description
}
if ($FirstName) {
$userAccount.givenName = $FirstName
}
if ($LastName) {
$userAccount.SN = $LastName
}
if ($Initials) {
$userAccount.initials = $Initials
}
if ($MobilePhone) {
$userAccount.mobile = $MobilePhone
}
$userAccount.SetInfo()
$userAccount.SetPassword($Password)
# Password
if ($PasswordNeverExpires) {
$userAccount.userAccountControl = ($userAccount.userAccountControl.Item(0) -bxor 0x10000)
}
if ($CannotChangePassword) {
$everyOne = [System.Security.Principal.SecurityIdentifier]'S-1-1-0'
$EveryoneDeny = new-object System.DirectoryServices.ActiveDirectoryAccessRule ($Everyone,'ExtendedRight','Deny', [System.Guid]'ab721a53-1e2f-11d0-9819-00aa0040529b')
$self = [System.Security.Principal.SecurityIdentifier]'S-1-5-10'
$SelfDeny = new-object System.DirectoryServices.ActiveDirectoryAccessRule ($self,'ExtendedRight','Deny', [System.Guid]'ab721a53-1e2f-11d0-9819-00aa0040529b')
$userAccount.get_ObjectSecurity().AddAccessRule($selfDeny)
$userAccount.get_ObjectSecurity().AddAccessRule($EveryoneDeny)
$userAccount.CommitChanges()
}
$userAccount.SetInfo()
if ($Disabled) {
$userAccount.userAccountControl = ($userAccount.userAccountControl.Item(0) -bxor 0x0002)
}
$userAccount.SetInfo()
} catch {
Write-Error $_
$ou.Delete("user", "cn=$Username")
return $false
}
return $true
}
The C# code I have is this:
PowerShell ps = PowerShell.Create();
ps.AddScript(GetScript("New-AdUser.ps1"));
ps.Invoke();
ps.AddCommand("New-AdUser").AddParameters(
new List<CommandParameter>() {
new CommandParameter("Username", username),
new CommandParameter("Password", password),
new CommandParameter("FirstName", firstName),
new CommandParameter("LastName", lastName),
new CommandParameter("DisplayName", realName),
new CommandParameter("Initials", initials),
new CommandParameter("MobilePhone", mobilePhone),
new CommandParameter("OrganizationalUnit", "Users"),
new CommandParameter("PasswordNeverExpires")
}
);
var results = ps.Invoke();
foreach (var obj in results)
Console.WriteLine(obj.ToString());
if (ps.Streams.Error.Count > 0)
{
foreach (var err in ps.Streams.Error)
Console.WriteLine("ERROR: {0}", err.ToString());
}
Seems that you are just creating a user in AD. By having the c# code calling a powershell script, you are adding another moving part in your script. Why not call it directly in C# code. Check this MSDN article.
The problem appears to be that the Create method on your ADSI object, $ou, doesn't exist. I would check that it is getting created properly. Run the script outside your application to ensure that it works, or have an extra line that displays its members:
$ou | Get-Member
It almost appears as though the Runspace in the application is being created with a restrictive RunspaceConfiguration, so it can't find System.DirectoryServices for the AD functionality you need.
What do you get when you run the following within in your application?
string script = #"[AppDomain]::CurrentDomain.GetAssemblies()";
PowerShell ps = new PowerShell();
ps.AddScript(script);
var output = ps.Invoke();
foreach (var a in output.Select(pso => (System.Reflection.Assembly)pso.BaseObject))
Console.WriteLine("Assembly: " + a.FullName);
When I run that under the debugger in a plain console application I get 28 assemblies (19 outside the debugger), including System.DirectoryServices. The [AppDomain]::CurrentDomain.GetAssemblies() bit shows 16 when I run it on a vanilla command prompt. System.DirectoryServices shows up in all three lists.
When run from within C# I found that I need to add the PowerShell snap-in "Microsoft.Windows.AD" before being able to run the cmdlet's it provides.