PSEXEC to start remote process

Version 4

    Overview

    This is a sequel to this post where I used Powershell and WMI to call a remote process. This use case was needed since WMI would create the process in the background. The executable that I needed to run had a front-end GUI, which was not accessible. This post uses psexec to load the exe and define the session ID.

     

    Since I used the same snmpwalk.exe as a test from my last post i'll forgo the details around setting up the SAM template, alert trigger condition and part of the alert trigger action since they will be identical.

     

    Prerequisites

    1. You will need to download and extract PSTools onto your Orion server. You can download it from Microsoft's website here.

    2. I also reference folders that I created on my Orion server. These folders/locations are optional. You can place PSTools and your .bat file any place that Orion can access them.

    3. You will need to change three services on Orion to run as a user account and not 'Local System.' Here is a screenshot of the services that you'll need to change. For testing I just set them to the local administrator account. Once those services are updated I recommend using the Orion Service Manager and stopping all services and then starting them.

    2015-08-26_0850.png

     

    Configuration

    Alert Trigger Action Setup

    This is what I have for my Alert Trigger Action: Execute An External Program

    2015-08-26_0903.png

     

    The full text is:

    "C:\SolarWindsScripts\RemoteProcessStart.bat"  > C:\SolarWindsScripts\psexec_log.txt 2>&1

     

    The second half of that line, "> C:\SolarWindsScripts\psexec_log.txt 2>&1" is just a redirection of output so that I could see details from psexec. It's optional to include it but handy if you need to troubleshoot anything.

     

    This is the simple .bat file that I had created.

    @echo off
    c:\solarwindsscripts\pstools\psexec.exe -accepteula \\<server name> -u <username> -p <password> -i 0 -d "C:\Path\To\Executable.exe"
    exit
       

     

    I set the location of where PSTools was extracted. I forced the -accepteula which is required for unattended uses (automation). You'll just need to modify the server name/IP, username and password.

     

    By default the program will run in the console session (0) which I set with -i 0. If you are using RDP or another screen sharing tool then look in the users tab in task manager to find your session ID in the ID column. Most of the time it should work just fine with -i 0.

     

    Once I had everything configured I tested by closing the snmpwalk.exe. I saw the application monitor fail and trigger an alert. A short time after the alert was triggered the snmpwalk.exe launched again on my remote server.

     

    Enjoy!