
PSEXEC to start remote process

Overview

This is a sequel to this post, where I used PowerShell and WMI to call a remote process. This use case was needed since WMI would create the process in the background. The executable that I needed to run had a front-end GUI, which was not accessible. This post uses psexec to load the exe and define the session ID.

Since I used the same snmpwalk.exe as a test from my last post, I'll forgo the details around setting up the SAM template, alert trigger condition and part of the alert trigger action, since they will be identical.

Prerequisites

1. You will need to download and extract PSTools onto your Orion server. You can download it from Microsoft's website here.

2. I also reference folders that I created on my Orion server. These folders/locations are optional. You can place PSTools and your .bat file any place that Orion can access them.

3. You will need to change one SolarWinds service on Orion to run as a user account and not 'Local System.' Here is a screenshot of the service that you'll need to change. I created an AD account and set the service to run as that account; that account also needs to be a member of the local administrator group. Once that service is updated, you need to restart it.

pastedImage_0.png

Configuration

Alert Trigger Action Setup

This is what I have for my Alert Trigger Action: Execute An External Program

2015-08-26_0903.png

The full text is:

"C:\SolarWindsScripts\RemoteProcessStart.bat"  > C:\SolarWindsScripts\psexec_log.txt 2>&1

The second half of that line, "> C:\SolarWindsScripts\psexec_log.txt 2>&1" is just a redirection of output so that I could see details from psexec. It's optional to include it but handy if you need to troubleshoot anything.

This is the simple .bat file that I had created.

@echo off
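rem SERVER, USERNAME and PASSWORD are placeholders: replace them with the server name/IP, username and password.
c:\solarwindsscripts\pstools\psexec.exe -accepteula \\SERVER -u USERNAME -p PASSWORD -i 0 -d "C:\Path\To\Executable.exe"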
exit
  

I set the location of where PSTools was extracted. I forced -accepteula, which is required for unattended use (automation). You'll just need to modify the server name/IP, username and password.

By default the program will run in the console session (0), which I set with -i 0. If you are using RDP or another screen sharing tool, then look in the Users tab in Task Manager to find your session ID in the ID column. Most of the time it should work just fine with -i 0.

Once I had everything configured I tested by closing the snmpwalk.exe. I saw the application monitor fail and trigger an alert. A short time after the alert was triggered the snmpwalk.exe launched again on my remote server.

Enjoy!

Comments

So, I have everything working, but what I cannot understand is how can I pass the local computer name through to that batch file?

I have a process that I need to ensure is running at all times on a node. I have an alert that triggers when the application is closed on a group of nodes that should then start the service remotely. How do you get SolarWinds to pass through the device name so that the remote process runs on the identified computer?

You can also use the line below in trigger actions to execute the command remotely, like this to delete Windows temp files:

C:\windows\system32\psexec.exe \\${N=SwisEntity;M=Node.IP_Address} -u domain\service_account -p password cmd.exe /s /c "del /s /q c:\windows\temp\*.*"
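
Added example (not from the original post or the commenters): a PowerShell wrapper that takes the node address from the alert macro as a parameter, validates it, and reads the psexec credentials from a DPAPI-protected file rather than from the script. The script name, the credential file path and the alert action line are assumptions.

```powershell
# Added example, not the original author's script. Hypothetical file:
#   C:\SolarWindsScripts\Start-RemoteProcess.ps1
# Assumed "Execute An External Program" line, using the macro from the comment above:
#   powershell.exe -NoProfile -File "C:\SolarWindsScripts\Start-RemoteProcess.ps1" -Target ${N=SwisEntity;M=Node.IP_Address}
param(
    # Node address substituted by Orion. Only hostname/IPv4 characters are
    # accepted, so a malformed value cannot add extra psexec arguments.
    [Parameter(Mandatory = $true)]
    [ValidatePattern('^[A-Za-z0-9][A-Za-z0-9.-]{0,254}$')]
    [string]$Target
)

$psexec   = 'C:\SolarWindsScripts\PSTools\psexec.exe'
$exe      = 'C:\Path\To\Executable.exe'
$credFile = 'C:\SolarWindsScripts\psexec_cred.xml'   # hypothetical path

# Assumption: the credential file was created once, while logged on as the
# account the SolarWinds service runs as, with:
#   Get-Credential | Export-Clixml -Path C:\SolarWindsScripts\psexec_cred.xml
# On Windows, Export-Clixml protects the password with DPAPI, so only that
# account on this server can decrypt it.
if (-not (Test-Path -Path $credFile)) {
    Write-Error "Credential file not found: $credFile"
    exit 2
}
$cred = Import-Clixml -Path $credFile

# Same switches as the .bat file in the post. The arguments are passed as an
# array, so the target is never re-parsed by a shell.
# Note: the password is still handed to psexec on its command line, as in the
# original .bat file; only the storage on disk changes.
$psexecArgs = @(
    '-accepteula', "\\$Target",
    '-u', $cred.UserName,
    '-p', $cred.GetNetworkCredential().Password,
    '-i', '0', '-d', $exe
)
& $psexec @psexecArgs
```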

Version history: Revision 1 of 1
Last update: 08-26-2015 10:07 AM