Execute remote process through WMI and PowerShell

Version 4

    This document outlines how you can use WMI to remotely start a process on a Windows server. The really nice part about this script is that it is stored centrally on the Orion server and uses WMI to call a process on another server. It does not require WinRM to be configured and should work on any Windows server with WMI/PowerShell installed, given the correct permissions.

     

    This stemmed from the need to monitor a process on a remote server and start it if it died. You can use the script for just about anything you need (call cmd/powershell and run commands, call a remote script, restart services, etc.).

     

    **If you're only looking for how to set up and configure an Alert Trigger Action: Execute an External Program, then skip to step 3.**

     

    1. For this test I'm monitoring the SolarWinds snmpwalk.exe. I created a template in SAM to monitor it. You can monitor the process through the Component Wizard or the Real-Time Process Monitor.


     

    2. Once the process was being monitored, I needed to create the alert. I copied the 'Alert me when a component goes down' alert. Here is what my alert trigger condition looks like. The last condition is where I define the process that I'm looking for.


     

     

    3. Here is what my Alert Trigger Action looks like.


         3a. Click the 'Add Action' button and choose 'Execute an External Program'.



         3b. Give the action a name; I just called it the name of the script.


     

    Here is what I have in 'Network path to external program'. This runs the script on the local Orion server. The script then calls the remote server through WMI to launch the defined process.

     

    C:\windows\system32\windowspowershell\v1.0\powershell.exe -ExecutionPolicy unrestricted -command "C:\Path\To\Powershell\Script\On\Orion\Server.ps1 -RemoteNodeUserName:<username> -RemoteNodePassword:<password> -RemoteNodeName:<ServerName/IP> -LocalPathToExecutable:<C:\Path\To\program.exe>"

     

    There are 4 parameters that need to be passed into this script:

    ---RemoteNodeUserName

    ---RemoteNodePassword

    ---RemoteNodeName

    ---LocalPathToExecutable

     

    I also created a folder on my Orion server at C:\SolarWindsScripts, which is where the .ps1 file is located. I also have it exporting details to a log file at C:\SolarWindsScripts\Log. These can be changed as needed.

     

    Here is a full example of what my test looks like. I included the Orion Node Variable for -RemoteNodeName so that it passes the respective server in alarm.

     

    C:\windows\system32\windowspowershell\v1.0\powershell.exe -ExecutionPolicy unrestricted -command "C:\SolarWindsScripts\StartRemoteProcessWMI.ps1 -RemoteNodeUserName:'.\Administrator' -RemoteNodePassword:'**********' -RemoteNodeName:${N=SwisEntity;M=Application.Node.SysName} -LocalPathToExecutable:'C:\Program Files (x86)\SolarWinds\Orion\SnmpWalk.exe' "

     

    The last parameter, -LocalPathToExecutable, should allow you to customize this script to do just about anything you're looking for, for example:

    C:\Windows\System32\cmd.exe /c net stop <service> & net start <service>

    C:\Windows\System32\cmd.exe /c shutdown -r -f -t 0

    C:\Windows\System32\cmd.exe /c C:\AnotherScript.bat
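
The .ps1 file itself is not shown on this page. The following is an added sketch of a script that accepts the four parameters listed above and starts the process through `Win32_Process.Create`; it is not the author's StartRemoteProcessWMI.ps1, and the log file name and the return-code handling are assumptions.

```powershell
# Added example: NOT the author's StartRemoteProcessWMI.ps1.
# Targets Windows PowerShell (the WMI cmdlets used here are not in PowerShell 7).
param(
    [Parameter(Mandatory = $true)][string]$RemoteNodeUserName,
    [Parameter(Mandatory = $true)][string]$RemoteNodePassword,
    [Parameter(Mandatory = $true)][string]$RemoteNodeName,
    [Parameter(Mandatory = $true)][string]$LocalPathToExecutable
)

# Log folder named on the page; the log file name is an assumption.
$logDir  = 'C:\SolarWindsScripts\Log'
$logFile = Join-Path $logDir 'StartRemoteProcessWMI.log'
if (-not (Test-Path $logDir)) { New-Item -ItemType Directory -Path $logDir -Force | Out-Null }

function Write-Log([string]$Message) {
    # $RemoteNodePassword is never written here; only node, command and outcome are logged.
    Add-Content -Path $logFile -Value ("{0:u} {1} {2}" -f (Get-Date), $RemoteNodeName, $Message)
}

# The alert action passes the password as plain text on the command line; it is
# converted to a SecureString only because PSCredential requires one.
$secure = ConvertTo-SecureString -String $RemoteNodePassword -AsPlainText -Force
$cred   = New-Object System.Management.Automation.PSCredential($RemoteNodeUserName, $secure)

try {
    # Win32_Process.Create runs the command line on the remote node over WMI (no WinRM).
    $result = Invoke-WmiMethod -Class Win32_Process -Name Create `
        -ArgumentList $LocalPathToExecutable `
        -ComputerName $RemoteNodeName -Credential $cred -ErrorAction Stop
}
catch {
    Write-Log "WMI call failed: $($_.Exception.Message)"
    exit 1
}

# ReturnValue 0 = success; 2 = access denied, 3 = insufficient privilege,
# 8 = unknown failure, 9 = path not found, 21 = invalid parameter.
if ($result.ReturnValue -eq 0) {
    Write-Log "Started '$LocalPathToExecutable' (PID $($result.ProcessId))"
    exit 0
}
Write-Log "Create returned $($result.ReturnValue) for '$LocalPathToExecutable'"
exit 1
```

A zero `ReturnValue` only means the process was created on the remote node; whether it stays up is still reported by the SAM component that triggered the alert.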


    Enjoy!