Dec 28 2021 09:22 AM
I need to copy a file from the network share to the C:\windows\temp folder, then install the software on the local machine using the proactive remediation script. All of our software installation files are on a netowrk drive. Any way to access network drive via remediation script?
Dec 28 2021 09:46 AM
Dec 28 2021 10:43 AM - edited Dec 28 2021 10:43 AM
@Rudy_Ooms_MVP Ok so using psexec -s -i powershell, I tried navigating to the network share \\sharename and access denied. What exactly do you mean by adding credentials to custom remediation script? Is there a way to run script in SYSTEM context BUT retrieve the .exe from the network share and place it in the temp folder using other specified credentials?
Could I use an invoke-command to run series of commands as specified user?
$password = ConvertTo-SecureString "hello1" -AsPlainText -Force
$Cred = New-Object System.Management.Automation.PSCredential ("myUsername", $password)
$alternateUsers = [scriptblock]{
Copy-Item -Path (Join-Path -Path "\\sh.com\util\software\FreshService\2.9 Agent" -ChildPath "fs-windows-agent-2.9.0.msi") `
-Destination "$tempPath\fs-windows-agent-2.9.0.msi"
}
Invoke-Command -ScriptBlock $alternateUsers -Credential $Cred
Can something like this work? And the script still stays in the SYSTEM context just not the script block, yea?
Dec 28 2021 10:51 AM - edited Dec 28 2021 10:52 AM
Hi,
Need to check the script from my notebook to be sure… but as long as you supply the proper creds to access the share it would be okay.
Another possibility would be to split it up? Run one pro active as the user to copy the files and one pro active remediation run as systemto install them?
Dec 28 2021 02:02 PM
@Rudy_Ooms_MVP Just to validate that this method works. Thanks for pointing out a user account to handle the network share permissions
$password = ConvertTo-SecureString "p@ssw0rd" -AsPlainText -Force
$Cred = New-Object System.Management.Automation.PSCredential ("domain.com\adminAccount", $password)
$alternateUsers = [scriptblock]{
Copy-Item -Path (Join-Path -Path "\\sharedDrive.com\util\software\FreshService\2.9 Agent" -ChildPath "fs-windows-agent-2.9.0.msi") -Destination "C:\windows\temp\fs-windows-agent-2.9.0.msi"
}
# https://www.itdroplets.com/run-a-command-as-a-different-user-in-powershell/
$GetProcessJob = Start-Job -ScriptBlock $alternateUsers -Credential $Cred
Wait-Job $GetProcessJob
$GetProcessResult = Receive-Job -Job $GetProcessJob
Write-Output $GetProcessResult
#Will set timer/timeout function
#if($GetProcessResult.state -eq "Completed"){
Start-Process "C:\windows\temp\fs-windows-agent-2.9.0.msi" -ArgumentList "/i /qn"
#}
Dec 28 2021 10:32 PM