This is a sequel to this post where I used PowerShell and WMI to call a remote process. This use case was needed since WMI would create the process in the background. The executable that I needed to run had a front-end GUI, which was not accessible. This post uses psexec to load the exe and define the session ID.
Since I used the same snmpwalk.exe as a test from my last post, I'll forgo the details around setting up the SAM template, the alert trigger condition and part of the alert trigger action, since they will be identical.
1. You will need to download and extract PSTools onto your Orion server. You can download it from Microsoft's website here.
2. I also reference folders that I created on my Orion server. These folders/locations are optional. You can place PSTools and your .bat file any place that Orion can access them.
3. You will need to change one SolarWinds service on Orion to run as a user account and not 'Local System.' Here is a screenshot of the service that you'll need to change. I created an AD account and set the service to run as that account; the account also needs to be a member of the local administrator group. Once that service is updated, you need to restart it.
Alert Trigger Action Setup
This is what I have for my Alert Trigger Action: Execute An External Program
The full text is:
"C:\SolarWindsScripts\RemoteProcessStart.bat" > C:\SolarWindsScripts\psexec_log.txt 2>&1
The second half of that line, "> C:\SolarWindsScripts\psexec_log.txt 2>&1" is just a redirection of output so that I could see details from psexec. It's optional to include it but handy if you need to troubleshoot anything.
This is the simple .bat file that I had created.
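@echo off
rem SERVER_NAME_OR_IP, USERNAME and PASSWORD are placeholders; replace them with your own values.
c:\solarwindsscripts\pstools\psexec.exe -accepteula \\SERVER_NAME_OR_IP -u USERNAME -p PASSWORD -i 0 -d "C:\Path\To\Executable.exe"
exit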
I set the path to where PSTools was extracted. I passed -accepteula, which is required for unattended use (automation). You'll just need to modify the server name/IP, username and password.
By default the program will run in the console session (0), which I set with -i 0. If you are using RDP or another screen sharing tool, then look in the Users tab in Task Manager to find your session ID in the ID column. Most of the time it should work just fine with -i 0.
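The session ID lookup described above can also be done from a command line instead of Task Manager. The following PowerShell is an added example, not part of the original post: it parses quser output and returns the ID to pass to psexec -i. The function names, the sample text and the user jsmith are constructed for illustration, and English-language quser output is assumed.

```powershell
# Added example: resolve a user's session ID from quser output for psexec -i.
# Function names are hypothetical; English-language quser output is assumed.
function ConvertFrom-QUser {
    param([string[]]$Lines)
    # SESSIONNAME is blank for disconnected sessions, so that column is optional.
    # The header row never matches because the ID column must be numeric.
    $pattern = '^[\s>]*(?<user>\S+)\s+(?:(?<name>\S+)\s+)?(?<id>\d+)\s+(?<state>\S+)'
    foreach ($line in $Lines) {
        if ($line -match $pattern) {
            [pscustomobject]@{
                User        = $Matches['user']
                SessionName = $Matches['name']   # $null when the column is empty
                Id          = [int]$Matches['id']
                State       = $Matches['state']
            }
        }
    }
}

function Get-SessionIdForUser {
    param([string[]]$Lines, [string]$User)
    $hit = ConvertFrom-QUser -Lines $Lines |
        Where-Object { $_.User -eq $User } |
        Select-Object -First 1
    if (-not $hit) { throw "No session found for '$User'" }
    if ($hit.State -ne 'Active') {
        # A GUI started in a disconnected session only appears after reconnect.
        Write-Warning "Session $($hit.Id) for $User is $($hit.State), not Active."
    }
    $hit.Id
}

# Constructed sample of quser output. On a live system use instead:
#   $lines = quser /server:SERVER_NAME_OR_IP     (placeholder host name)
$lines = @'
 USERNAME              SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME
>administrator         console             1  Active      none   1/1/2024 9:00 AM
 jsmith                rdp-tcp#2           2  Active         5   1/1/2024 9:05 AM
 svc_mon                                   3  Disc        1:02   1/1/2024 8:00 AM
'@ -split "`r?`n"

$id = Get-SessionIdForUser -Lines $lines -User 'jsmith'
"psexec session argument: -i $id"
```

The returned number replaces the 0 in the -i 0 argument of the .bat file when the target user is not in the default session.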
Once I had everything configured I tested by closing the snmpwalk.exe. I saw the application monitor fail and trigger an alert. A short time after the alert was triggered the snmpwalk.exe launched again on my remote server.