
Execute remote process through WMI and PowerShell

This document outlines how you can use WMI to remotely call a process on a Windows Server. The really nice part about this script is it allows you to centrally store the script on the Orion server and use WMI to remotely call a process on another server. This also does not require WinRM to be configured and should work on any Windows server with WMI/PowerShell installed, granted correct permissions.

This stemmed from the need to monitor a process on a remote server and start it if it died. You can use the script for just about anything you need (call cmd/powershell and run commands or call a remote script, restart services, etc).

**If you're only looking for how to set up and configure an Alert Trigger Action: Execute An External Program, then skip to step 3.**

1.  For this test I'm monitoring the SolarWinds snmpwalk.exe. I created a template in SAM to monitor it. You can monitor the process through the Component Wizard or Real-Time Process Monitor.

[Screenshot: 2015-08-18_1037.png]

2. Once the process was being monitored I needed to create the alert. I copied the 'Alert me when a component goes down.' Here is what my alert trigger condition looks like. The last condition is where I define the process that I'm looking for.

[Screenshot: 2015-08-18_1040.png]

3. Here is what my Alert Trigger Action looks like.

     3a. Click the 'Add Action' button and choose 'Execute an External Program'.

[Screenshot: 2015-08-18_1047.png]


     3b. Give the action a name, I just called it the name of the script.

[Screenshot: 2015-08-18_1051.png]

Here is what I have in 'Network path to external program'. This is running the script on the local Orion server. The script then calls the remote server through WMI to launch the defined process.

C:\windows\system32\windowspowershell\v1.0\powershell.exe -ExecutionPolicy unrestricted -command "C:\Path\To\Powershell\Script\On\Orion\Server.ps1 -RemoteNodeUserName:<username> -RemoteNodePassword:<password> -RemoteNodeName:<ServerName/IP> -LocalPathToExecutable:<C:\Path\To\program.exe>"

There are 4 parameters that need to be passed into this script:

---RemoteNodeUserName

---RemoteNodePassword

---RemoteNodeName

---LocalPathToExecutable

I also created a folder on my Orion server at C:\SolarWindsScripts, which is where the .ps1 file is located. I also have it exporting details to a log file at C:\SolarWindsScripts\Log. These can be changed as needed.

Here is a full example of what my test looks like. I included the Orion Node Variable for the -RemoteNodeName so that it passed the respective server in alarm.

C:\windows\system32\windowspowershell\v1.0\powershell.exe -ExecutionPolicy unrestricted -command "C:\SolarWindsScripts\StartRemoteProcessWMI.ps1 -RemoteNodeUserName:'.\Administrator' -RemoteNodePassword:'**********' -RemoteNodeName:${N=SwisEntity;M=Application.Node.SysName} -LocalPathToExecutable:'C:\Program Files (x86)\SolarWinds\Orion\SnmpWalk.exe' "

The last parameter, -LocalPathToExecutable, should allow you to customize this script to just about anything you're looking for.

C:\Windows\System32\cmd.exe /c net stop <service> && net start <service>

C:\Windows\System32\cmd.exe /c shutdown -r -f -t 0

C:\Windows\System32\cmd.exe /c C:\AnotherScript.bat


Enjoy!

StartRemoteProcessWMI.ps1
  • Just wanted to say thanks for this.

    I have used this script and process for multiple issues that before took an absurd amount of time to fix when you are dealing with thousands of servers...

    One particularly helpful tweak is to have it reset the lodctr /R on any application in an unknown status. Cleared like 100 different app/component "unknowns" I had.

  • Hi there,

    I realise this post is a few years old so not sure if the version I'm using is preventing this from running correctly.

    I'm running SAM 6.5.0 and almost have this working - I'm trying to use this WMI script to remotely execute a PowerShell script on another server.  I can run this WMI script from a PowerShell shell on the SolarWinds server and it executes the remote script perfectly - when it does I get this in the log and I see the PowerShell process spawn on the remote node while it executes:

    2018-02-20 16:19:46Z Connecting to DMWSPROD03

    2018-02-20 16:19:46Z Process to create is C:\windows\system32\windowspowershell\v1.0\powershell.exe C:\Scripts\restart_imEmailSvc.ps1

    2018-02-20 16:19:48Z Successfully launched C:\windows\system32\windowspowershell\v1.0\powershell.exe C:\Scripts\restart_imEmailSvc.ps1 on DMWSPROD03 with a process id of 3604

    When I simulate this from a SolarWinds alert all I get in the log is this and the PowerShell process does not start on the remote node:

    2018-02-20 16:22:16Z Connecting to DMWSPROD03

    2018-02-20 16:22:16Z Process to create is C:\windows\system32\windowspowershell\v1.0\powershell.exe C:\Scripts\restart_imEmailSvc.ps1

    Any suggestions or ideas?

    Thanks

    -- EDIT:  actually found the issue, read this post here Execute external program via Alert? this bit in particular (in my version it's called "SolarWinds Orion Module Engine"):

    [Screenshot: pastedImage_2.png]

  • Simulating an alert will not execute the script, unfortunately. The alert needs to be triggered based off of the conditions for the script to be executed.

    Also, you still need to set the Orion Module Engine to run as either a local or AD user and not as local system for the script to work once the trigger conditions have been met.

    Hi yes, sorry - I should have mentioned that I had set up the conditions for the alert prior.  I've been using a Windows Service Monitor to alert us when the service crashes - I wanted to put something together that further killed it then restarted it which, with the help of your script, I've now managed to do and it's working well.

    I had one last thing to figure out because I changed the script slightly, I removed the $RemoteNodePassword and added an encrypted password file instead.  When doing that the encrypted file needs to be generated with the user account that will be running the script otherwise a key error occurs.

    So the two things I had to do were change the SolarWinds Orion Module Engine service to use an account that had permissions to run scripts remotely and then generate the encrypted password file as that user as well.

    Changes I made to the script:

    changed this line from:

    param([string]$RemoteNodeUserName, [string]$RemoteNodePassword, [string]$RemoteNodeName, [string]$LocalPathToExecutable)

    to:

    param([string]$RemoteNodeUserName, [string]$RemoteNodeName, [string]$LocalPathToExecutable)

    generated a password file using:

    "password" | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString | Out-File "C:\SolarWindsScripts\imEmailSvc_service_script\encPwd"

    added this:

    $File = "C:\SolarWindsScripts\imEmailSvc_service_script\encPwd"

    changed this line:

    $Credentials = New-Object System.Management.Automation.PSCredential($RemoteNodeUserName,(ConvertTo-SecureString $RemoteNodePassword -AsPlainText -Force))

    to:

    $Credentials = New-Object System.Management.Automation.PSCredential($RemoteNodeUserName,(Get-Content $File | ConvertTo-SecureString))

    Thanks
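
The password-file change described in the reply above, put together as one script. This is an added example, not the attached StartRemoteProcessWMI.ps1 and not code from either poster: it assumes Windows PowerShell with Invoke-WmiMethod, and the default file paths, the $PasswordFile and $LogFile parameters and the Write-Log helper are hypothetical.

```powershell
# Added example, not the attached StartRemoteProcessWMI.ps1; default paths are assumptions.
# One-time setup, run as the account the Orion Module Engine service uses:
#   Read-Host -AsSecureString 'Password' | ConvertFrom-SecureString |
#       Out-File 'C:\SolarWindsScripts\encPwd'
param(
    [Parameter(Mandatory)][string]$RemoteNodeUserName,
    [Parameter(Mandatory)][string]$RemoteNodeName,
    [Parameter(Mandatory)][string]$LocalPathToExecutable,
    [string]$PasswordFile = 'C:\SolarWindsScripts\encPwd',
    [string]$LogFile = 'C:\SolarWindsScripts\Log\StartRemoteProcessWMI.log'
)

function Write-Log([string]$Message) {
    # 'u' gives the "2018-02-20 16:19:46Z" style seen in the thread's log excerpts
    $stamp = (Get-Date).ToUniversalTime().ToString('u')
    Add-Content -Path $LogFile -Value "$stamp $Message"
}

try {
    # Without -Key the file is DPAPI-protected: only the account (on this machine)
    # that wrote it can decrypt it. Any other account fails here with a key error.
    $secure = Get-Content -Path $PasswordFile -ErrorAction Stop |
        ConvertTo-SecureString -ErrorAction Stop
}
catch {
    Write-Log "Cannot load $PasswordFile as $env:USERNAME : $($_.Exception.Message)"
    exit 1
}

$cred = New-Object System.Management.Automation.PSCredential($RemoteNodeUserName, $secure)
Write-Log "Connecting to $RemoteNodeName"
Write-Log "Process to create is $LocalPathToExecutable"

$wmi = @{
    Class = 'Win32_Process'; Name = 'Create'; ArgumentList = $LocalPathToExecutable
    ComputerName = $RemoteNodeName; Credential = $cred; ErrorAction = 'Stop'
}
try { $result = Invoke-WmiMethod @wmi }
catch { Write-Log "WMI call to $RemoteNodeName failed: $($_.Exception.Message)"; exit 1 }

# Win32_Process.Create reports failure through ReturnValue, not an exception
if ($result.ReturnValue -eq 0) {
    Write-Log "Successfully launched $LocalPathToExecutable on $RemoteNodeName with a process id of $($result.ProcessId)"
} else {
    Write-Log "Win32_Process.Create returned $($result.ReturnValue) on $RemoteNodeName"
    exit 1
}
```

With this layout the alert action's command line no longer carries -RemoteNodePassword, and a password file generated under a different account shows up in the log as a load failure rather than a silent stop after "Process to create is".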

  • I wonder if there is a way to use SolarWinds credential library to run scripts versus passing username/password inside the script.