Trying to copy file from one XP PC to another using WMI, since RPC and UNC are not available
I'm new to VBScript. I cannot find a way to copy files from one XP host to another using WMI in a VBS. The usual ways of copying files (RPC - Remote Procedure Call, SMB, UNC) are not available to several hosts, but WMI is available to all hosts, and I need to copy files from my admin host to a target Windows host. I thought I'd find some sample code out there but I've found no info on it. Haven't found anything telling me it can't be done, either.
The source files are an executable and 'test1.txt' in my admin computer's 'F:\TEMP' folder. I want to put the files on remote host HOST1's 'C:\TEMP' folder. I have full admin rights on both hosts. Here is what I have so far, just for one file (to keep the testing simple):
strComputer = "HOST1"
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colFiles = objWMIService.ExecQuery( _
"Select * from Win32_Directory where Name = 'c:\\temp'")
For Each objFiles in colFiles
errResults = objFolder.Copy("f:\temp\test1.txt")
Wscript.Echo errResults
Next
I learned that WMI cannot create files on a remote host, and it cannot copy files over a network connection: http://msdn.microsoft.com/en-us/library/windows/desktop/aa389288%28v=vs.85%29.aspx
However, it can run a cmd process. Here's Frank White's code in C sharp, followed by his example: https://stackoverflow.com/a/8913231/1569434
InputParameters("CommandLine") = "cmd /c echo myFTPCommands > c:\ftpscript.txt"
You will need four things to use all the following scriptlets, which build on each other to use psexec to run a "normal" VBScript or batch script on the remote host:
- admin rights on the remote host;
- WMI enabled on the remote host;
- a network share (using RPC, UNC, FTP, etc., but NOT DFS! ("Distributed File System" - see note)) that your remote host can access; and
- psexec.exe and your "normal" script(s) on the network share.
Important Note: Do NOT use DFS to map the network share! It will fail if you use Distributed File System for your network share. An error code you might get depending on how you try is "System error 1312", no matter which operating system (e.g., XP, Win 7) you use.
When RPC is not available on a remote host but WMI is, then the following method will create a local ASCII file on the remote host's c:\temp folder, containing the text "myTextCommands", without the quotes.
' https://stackoverflow.com/questions/8884728/wmi-remote-process-to-copy-file
strComputer = "HOST1"
strCommand = "cmd /c echo myTextCommands > c:\temp\testscript.txt"
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" _
& strComputer & "\root\cimv2")
Set objProcess = objWMIService.Get("Win32_Process")
errReturn = objProcess.Create(strCommand, null, null, intProcessID)
' See following link for error codes returned by errReturn
' http://msdn.microsoft.com/en-us/library/windows/desktop/aa389388(v=vs.85).aspx
Notice the important limitation in the script above: it can only create ASCII files - not binary.
Let's use that technique to map a drive letter:
strCommand = "cmd /c net use z: " & MyShare & " /user:%USERDOMAIN%\%USERNAME% " _
& strPassword & ">" & strRemoteLog
Set objProcess = objWMIService.Get("Win32_Process")
Call errProcess
where "strRemoteLog" is set to something like "c:\temp\MyLog.txt", "strPassword" is prompted (see full script example and reference at bottom), and "errProcess" is a subroutine that runs the following process using the "cmd /c" trick mentioned above:
Sub errProcess
errReturn = objProcess.Create(strCommand, null, null, intProcessID)
If errReturn = 0 Then
Wscript.Echo "Process was started with a process ID: " & intProcessID
WScript.Sleep 5000
Else
Wscript.Echo "Process could not be started due to error: " & errReturn
End If
End Sub
With a network drive mapped, copy your script to the host:
strCommand="cmd /c xcopy Z:\scripts\SCRIPT1.bat c:\temp\ >>" & strRemoteLog
Call errProcess
SCRIPT1.bat is ready, so start psexec against it on the remote host, passing your script a variable strUserID that would be obtained earlier and is here for example:
strCommand="cmd /c Z:\psexec \\%COMPUTERNAME% /accepteula -s -n 120 " _
& "cmd /c c:\temp\SCRIPT1.bat " & strUserID & ">>" & strRemoteLog
Call errProcess
Once psexec finishes, you might want to save the results. So you rename the log file, upload it, unmap your drive, and clean up residual files:
strCommand="cmd /c REN " & strRemoteLog & " SCRIPT1-%COMPUTERNAME%.txt"
Call errProcess
strCommand="cmd /c MOVE /Y c:\temp\SCRIPT1*.txt Z:\scripts\LOGS\"
Call errProcess
strCommand="cmd /c net use * /del /Y"
Call errProcess
strCommand="cmd /c del c:\temp\SCRIPT1*.bat /q"
Call errProcess
You're done. You've successfully mapped a drive, run a routine script against the remote host, and uploaded its output.
Note this method also works on Windows 7 and Windows 2008 with UAC.
Here's the full 'sample' integrated script. Feel free to suggest fixes, improvements, etc.
On Error Resume Next
MyShare="\\SHARE1"
strRemoteLog="c:\temp\MapZ.txt"
' Set remote hostname
strComputer="HOST2"
'strComputer = InputBox("Enter Computer name", _
'"Find PC", strComputer)
' Set remote userid
strUserID="USERID1"
'strUserID = InputBox("Enter userid", _
'"Find User", strUserID)
' Enumerate cimv2 on remote host strComputer
Set objWMIService = GetObject("winmgmts:" & _
"{impersonationLevel=Impersonate}!//" & strComputer & "\root\cimv2")
' Verify remote host exists on domain
If( IsEmpty( objWMIService ) = True ) Then
WScript.Echo( "OBJECT_NOT_INITIALIZED :: " & strComputer )
WScript.Quit( OBJECT_NOT_INITIALIZED )
End If
' Prompt for masked password
strPassword=GetPass
' Build and run command to execute on strComputer
strCommand = "cmd /c net use z: " & MyShare & " /user:%USERDOMAIN%\%USERNAME% " & strPassword & ">" & strRemoteLog
Set objProcess = objWMIService.Get("Win32_Process")
Call errProcess
' Copy script(s) from MyShare to HOST2 since psexec cannot run scripts on shared drives
strCommand="cmd /c xcopy Z:\scripts\cleanpclocal.bat c:\temp\ /V /C /I /Q /H /R /Y>>" & strRemoteLog
Call errProcess
' Change directory to c:\temp
'strCommand="cmd /c cd c:\temp>" & strRemoteLog
'Call errProcess
' Start PSEXEC against script
strCommand="cmd /c Z:\psexec \\%COMPUTERNAME% /accepteula -s -n 120 cmd /c c:\temp\cleanpclocal.bat " & strUserID & ">>" & strRemoteLog
Call errProcess
' Rename logfile to include hostname, upload to share, unmap networked drive, and delete script
strCommand="cmd /c REN " & strRemoteLog & " cleanpc-%COMPUTERNAME%.txt"
Call errProcess
strCommand="cmd /c MOVE /Y c:\temp\clean*.txt Z:\scripts\LOGS\"
Call errProcess
strCommand="cmd /c net use * /del /Y"
Call errProcess
strCommand="cmd /c del c:\temp\clean*.bat /q"
Call errProcess
WScript.Quit
' ***********
' APPENDIX
' Subroutines, functions
' ***********
' **SUBROUTINES**
'strCommand="cmd /c dir z:\scripts\>" & strRemoteLog ' Works to get dir of z:\scripts\
' Subroutine to handle errReturn
Sub errProcess
WScript.Echo "strCommand=" & strCommand
errReturn = objProcess.Create(strCommand, null, null, intProcessID)
If errReturn = 0 Then
Wscript.Echo "Process was started with a process ID: " & intProcessID
WScript.Sleep 5000
Else
Wscript.Echo "Process could not be started due to error: " & errReturn
End If
WScript.Echo
' Error return codes for Create method of the Win32_Process Class
' http://msdn.microsoft.com/en-us/library/windows/desktop/aa389388(v=vs.85).aspx
' 0=Successful Completion
' 2=Access Denied
' 3=Insufficient Privilege
' 8=Unknown failure
' 9=Path Not Found
' 21=Invalid Parameter
End Sub
' **FUNCTIONS**
' Function to get masked password
Function GetPass
' Mask Passwords Using Internet Explorer
' Ensure you follow the technet.com instructions and create file password.htm
' http://blogs.technet.com/b/heyscriptingguy/archive/2005/02/04/how-can-i-mask-passwords-using-an-inputbox.aspx
Set objExplorer = WScript.CreateObject _
("InternetExplorer.Application", "IE_")
objExplorer.Navigate "file:///C:\SCRIPTS\password.htm"
objExplorer.ToolBar = 0
objExplorer.StatusBar = 0
objExplorer.Width = 400
objExplorer.Height = 350
objExplorer.Left = 300
objExplorer.Top = 200
objExplorer.Visible = 1
Do While (objExplorer.Document.Body.All.OKClicked.Value = "")
Wscript.Sleep 250
Loop
strPassword = objExplorer.Document.Body.All.UserPassword.Value
strButton = objExplorer.Document.Body.All.OKClicked.Value
objExplorer.Quit
Wscript.Sleep 250
If strButton = "Cancelled" Then
Wscript.Quit
'Else
' Wscript.Echo strPassword
End If
' Return the password
GetPass = strPassword
End Function
Firstly, I think there's a typo in your code where you've written:
errResults = objFolder.Copy("f:\temp\test1.txt")
I think you meant:
errResults = objFiles.Copy("f:\temp\test1.txt")
Secondly, I don't know if what you're trying to do is possible. I think the code you've got might copy a file from a directory on the remote computer to another directory on the remote computer.
For a solution though, if WMI is available remotely on all the computers, that means that at least one port is open. If that's the case, are there any other ports that are open? If so, maybe you could set up an FTP server on your admin host on port X and then have the other hosts send the file by automating the default XP FTP client.
I know this question is old, but I came across it when I was trying to find a solution, so I figured I would direct people to an answer I wrote up and posted here:
.NET - Copying an executable across LAN to another computer, and executing it
In short, it is possible to echo base64 conversion of any file (including an exe) using WMI and then decode it with certutil.
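Added example (not part of any answer above, and not the posters' code): how the command lines built in the long answer, and the certutil decode step mentioned in the last answer, look from the monitored host. Processes started through Win32_Process.Create run as children of WmiPrvSE.exe, so the sketch tags that parentage, a cleartext `net use` password, psexec with `-s` and `certutil -decode`, and masks the password before reporting. The event dictionaries, their field names, `EXAMPLE-PASSWORD` and the `payload.b64`/`tool.exe` file names are constructed for illustration.

```python
import ntpath
import re

# Password token that follows "/user:<account>" in a "net use" command line
# ("*" means "prompt for it" and is not treated as a password).
NET_USE_PW = re.compile(r"(net\s+use\b.*?/user:\S+\s+)([^\s>*][^\s>]*)", re.I)
RULES = {
    "psexec_as_system": re.compile(r"psexec(\.exe)?\s.*?\s-s\s", re.I),
    "certutil_decode": re.compile(r"certutil(\.exe)?\s.*?-decode\b", re.I),
}

def redact(cmdline):
    """Mask a cleartext 'net use' password so the alert does not re-leak it."""
    return NET_USE_PW.sub(lambda m: m.group(1) + "<redacted>", cmdline)

def analyze(event):
    """Return (sorted tags, redacted command line) for one process-creation event."""
    tags = set()
    # Children of Win32_Process.Create have WmiPrvSE.exe as their parent.
    if ntpath.basename(event["parent"]).lower() == "wmiprvse.exe":
        tags.add("spawned_by_wmi")
    if NET_USE_PW.search(event["cmdline"]):
        tags.add("cleartext_password")
    for name, rx in RULES.items():
        if rx.search(event["cmdline"]):
            tags.add(name)
    return sorted(tags), redact(event["cmdline"])

# Constructed events: command lines follow the strings the script above builds;
# the password and the certutil file names are placeholders.
WMI = r"C:\Windows\System32\wbem\WmiPrvSE.exe"
EVENTS = [
    {"parent": WMI, "cmdline": r"cmd /c net use z: \\SHARE1 "
        r"/user:%USERDOMAIN%\%USERNAME% EXAMPLE-PASSWORD>c:\temp\MapZ.txt"},
    {"parent": WMI, "cmdline": r"cmd /c Z:\psexec \\%COMPUTERNAME% /accepteula "
        r"-s -n 120 cmd /c c:\temp\cleanpclocal.bat USERID1>>c:\temp\MapZ.txt"},
    {"parent": WMI,
     "cmdline": r"cmd /c certutil -decode c:\temp\payload.b64 c:\temp\tool.exe"},
    {"parent": r"C:\Windows\explorer.exe", "cmdline": r"cmd /c dir c:\temp"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        tags, safe_cmdline = analyze(ev)
        print(tags, safe_cmdline)
```

The first event shows why the `net use` step matters to a reviewer: the password sits in the process command line, where any process-creation log on the remote host records it.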