WMI and Remote Share Permissions

Johnny
over 3 years ago
 Being a contractor I have been on many sites that are just frustrating. 
One of the biggest pains in the butt is having to use workarounds on top of workarounds just to use PowerShell. Currently, I am at a location that has really tight security. It’s one fight after another trying to get things done.
Does anybody else have these head banging on the desk struggles? I cannot do any remoting so I am falling back to using WMI.
Below is an example of the code I am using (very scald down but hopefully you get the idea.

I have reasonable success doing it this way but have run into a problem with share permissions. I could probably put some code together that is a one liner for NTF permissions an have that dumped to a CSV that I pull back but I am struggling with the share permissions. 
Does anybody have any suggestions on how I can go about getting the local share permissions?
My PC:
C: Drive:  Blocked access
PS Ver: 3.0
Running scripts: Disabled (I can get by this by copy and pasting the code into a PS window to load the cmdlets
 
Servers:
PS Ver: 2.0
Remoting: Disabled (on most)
Running scripts: Disabled (I can still run WMI commands I just can run something like “Powershell ./Myscript.ps1”
 
# Example code
$Creds = Get-Credential "Domain\UserName"
$LocalPath = "H:\Data"
$Servers="Server1","Server2" 
# Create an array with one liber commands
$CMD = @()
$CMD += "cmd /C C:\Windows\System32\schtasks.exe /Query /V /FO CSV > C:\ScheduledTasks.csv"
$CMD += "Powershell gwmi Win32_Share | select  | Export-csv C:\Shares.csv -NoTypeInformation" 
# map a drive to each of the servers
$Servers | % {
New-PSDrive -Name $_ -PSProvider FileSystem -Root ('\\' + $_ + '\C$') -Credential $Creds
}
# Execute WMI commands on remote systems
$CMD | % {
Invoke-WmiMethod Win32_process -name Create -ArgumentList ($_) -ComputerName $Servers -Credential $creds
}
$Servers | % {   
# Move exported data to personal drive for later manuiplation
Move-Item -Path ($_ + ':\ScheduledTasks.Csv') -Destination ("$LocalPath\$_-ScheduledTasks.csv")
Move-Item -Path ($_ + ':\Shares.Csv') -Destination ("$LocalPath\$_-Shares.csv")
# Remove mapped drive
Remove-PSDrive  $_
}
 

 

 
Does anybody else have the frustration with an enterprise that has not adopted PS? PS 5.0 brings so much more to the table and with remoting I could accomplish the task at hand in a few hours but I have ben working on different workarounds for a couple weeks now. Hitting one roadblock (like no remoting, or old versions) after another. 
 
 
 
 
 
Parents
No Data
Reply
  • over 3 years ago

    As for the execution policy, that is fairly simple to work around. It is not intended as a security feature so simply running this as a non-administrative user will completely circumvent the policy:

    • Set-ExecutionPolicy -ExecutionPolicy bypass -Scope Process
    • powershell -executionpolicy bypass
    I have not dealt with the frustration that you are mentioning, most companies I have worked for are very happy to have admins proficient in PowerShell. Perhaps you should take Jeff up on his offer on having him speak to your company. Jeff is an authority in the field of PowerShell so if he cannot convince them, I don't know who would :)

Children
No Data