I'm trying to run a simple cmd utility on a remote Windows server from within a vbscript by invoking the Win32_Process class, like so:
serverIP = "10.0.0.3"
Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & serverIP & "\root\cimv2:Win32_Process")
RunCommand = "cmd.exe /c echo hello >c:\hello.txt"
wscript.echo RunCommand
intReturn = oWMI.Create(RunCommand, Null, Null, intProcessID)
wscript.echo intReturn
Select Case intReturn
Case 0 Wscript.Echo "Successful"
Case 2 Wscript.Echo "Access denied"
Case 3 Wscript.Echo "Insufficient privilege"
Case 8 Wscript.Echo "Unknown failure"
Case 9 Wscript.Echo "Path not found"
Case 21 Wscript.Echo "Invalid parameter"
Case Else Wscript.Echo "Unable to execute for unknown reason"
End Select
This always fails with insufficient privs (return code 3).
Can anyone see what I'm doing wrong? The script is running from a cmd session invoked as a domain admin, so it should work fine, unless there's something about WMI security that I don't fully understand.
There will probably be people who suggest PSEXEC. I am aware of it and may fall back to it. But this seems like a solvable problem as is, and I'd rather not create dependencies on outside executables for this script.
I'll mention a few things I've tried.
- This fellow says there can be an issue if the profile is not loaded. I have the same problem even if the calling user (a domain admin) is logged into both systems.
- In this thread, Richard Mueller notes that one should specify both impersonationlevel=impersonate and authenticationlevel=Pkt. I tried that. Still no go.
- On this page it seems that one should specify the NT rights needed within the moniker. I have tried specifying SeInteractiveLogonRight, SeNetworkLogonRight, SeBackupPrivilege, SeRestorePrivilege, SeDebugPrivilege, and SeChangeNotifyPrivilege. Nothing worked.
A common thread I have noticed in googling this, is that people are seeing this issue with some target computers but not others. So it seems to me that what's fundamentally missing is a full breakdown of the security privs one would need to accomplish this task. A lollipop will be gratefully sent to whomever can provide such a breakdown definitively!
In vain hopes it will increase viewership, I'm going to add the .net tag here, since .net folks often deal with the same WMI issues and may have insight.
Awww. Bump, this isn't going to become a tumbleweed is it?