Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.0k views
in Technique[技术] by (71.8m points)

vbscript - Trying to copy file from one XP PC to another using WMI, since RPC and UNC are not available

I'm new to VBScript. I cannot find a way to copy files from one XP host to another using WMI in a VBS. The usual way of copying files (RPC - Remote Procedure Call, SMB, UNC) are not available to several hosts but WMI is available to all hosts, and I need to copy files from my admin host to a target Windows host. I thought I'd find some sample code out there but I've found no info on it. Haven't found anything telling me it can't be done, either.

The source files are an executable and 'test1.txt' in my admin computer's 'F:TEMP' folder. I want to put the files on remote host HOST1's 'C:TEMP' folder. I have full admin rights on both hosts. Here is what I have so far, just for one file (to keep the testing simple):

strComputer = "HOST1"
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!" & strComputer & "
ootcimv2")
Set colFiles = objWMIService.ExecQuery( _
    "Select * from Win32_Directory where Name = 'c:\temp'")
For Each objFiles in colFiles
    errResults  = objFolder.Copy("f:empest1.txt")
    Wscript.Echo errResults
Next
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

I learned that WMI cannot create files on a remote host, and it cannot copy files over a network connection: http://msdn.microsoft.com/en-us/library/windows/desktop/aa389288%28v=vs.85%29.aspx

However, it can run a cmd process. Here's Frank White's code in C sharp, followed by his example: https://stackoverflow.com/a/8913231/1569434

InputParameters("CommandLine") = "cmd /c echo myFTPCommands > c:ftpscript.txt"

You will need four things to use all the following scriptlets, which build on each other to use psexec to run a "normal" VBScript or batch script on the remote host:

  1. admin rights on the remote host;
  2. WMI enabled on the remote host
  3. a network share (using RPC, UNC, FTP, etc., but NOT DFS! ("Distributed File System" - see note) that your remote host can access; and
  4. psexec.exe and your "normal" script(s) on the network share.

Important Note: Do NOT use DFS to map the network share! It will fail if you use Distributed File System for your network share. An error code you might get depending on how you try is "System error 1312", no matter which operating system (e.g., XP, Win 7) you use.

When RPC is not available on a remote host but WMI is, then the following method will create a local ASCII file on the remote host's c:emp folder, containing the text "myTextCommands", without the quotes.

' https://stackoverflow.com/questions/8884728/wmi-remote-process-to-copy-file
strCommand = "cmd /c echo myTextCommands > c:empestscript.txt"
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!" _
    & strComputer & "
ootcimv2")
Set objProcess = objWMIService.Get("Win32_Process")
errReturn = objProcess.Create(strCommand, null, null, intProcessID)
' See following link for error codes returned by errReturn
' http://msdn.microsoft.com/en-us/library/windows/desktop/aa389388(v=vs.85).aspx

Notice the important limitation in the script above: it can only create ASCII files - not binary.

Let's use that technique to map a drive letter:

strCommand = "cmd /c net use z: " & MyShare & " /user:%USERDOMAIN%\%USERNAME% " _
    & strPassword & ">" & strRemoteLog
Set objProcess = objWMIService.Get("Win32_Process")
Call errProcess

where "strRemoteLog" is set to something like "c:empMyLog.txt", "strPassword" is prompted (see full script example and reference at bottom), and "errProcess" is a subroutine that runs the following process using the "cmd /c" trick mentioned above:

Sub errProcess
errReturn = objProcess.Create(strCommand, null, null, intProcessID)
If errReturn = 0 Then
    Wscript.Echo "Process was started with a process ID: " & intProcessID
    WScript.Sleep 5000
Else
    Wscript.Echo "Process could not be started due to error: " & errReturn
End If
End Sub

With a network drive mapped, copy your script to the host:

strCommand="cmd /c xcopy Z:scriptsSCRIPT1.bat c:emp >>" & strRemoteLog
Call errProcess

SCRIPT1.bat is ready, so start psexec against it on the remote host, passing your script a variable strUserID that would be obtained earlier and is here for example:

strCommand="cmd /c Z:psexec \%COMPUTERNAME% /accepteula -s -n 120 " _
    & cmd /c c:empSCRIPT1.bat " & strUserID & ">>" & strRemoteLog
Call errProcess

Once psexec finishes, you might want to save the results. So you rename the log file, upload it, unmap your drive, and clean up residual files:

strCommand="cmd /c REN " & strRemoteLog & " SCRIPT1-%COMPUTERNAME%.txt"
Call errProcess
strCommand="cmd /c MOVE /Y c:empSCRIPT1*.txt Z:scriptsLOGS"
Call errProcess
strCommand="cmd /c net use * /del /Y"
Call errProcess
strCommand="cmd /c del c:empSCRIPT1*.bat /q"
Call errProcess

You're done. You've successfully mapped a drive, run a routine script against the remote host, and uploaded its output.

Note this method also works on Windows 7 and Windows 2008 with UAC.

Here's the full 'sample' integrated script. Feel free to suggest fixes, improvements, etc.

On Error Resume Next

 MyShare="\SHARE1"
 strRemoteLog="c:empMapZ.txt"

' Set remote hostname
strComputer="HOST2"
'strComputer = InputBox("Enter Computer name", _
'"Find PC", strComputer)

' Set remote userid
strUserID="USERID1"
'strComputer = InputBox("Enter userid", _
'"Find User", strComputer)

' Enumerate cimv2 on remote host strComputer
Set objWMIService = GetObject("winmgmts:" & _
"{impersonationLevel=Impersonate}!//" & strComputer & "
ootcimv2")

' Verify remote host exists on domain
If( IsEmpty( objWMIService ) = True ) Then
    WScript.Echo( "OBJECT_NOT_INITIALIZED :: " & strComputer )
    WScript.Quit( OBJECT_NOT_INITIALIZED )
End If

' Prompt for masked password
strPassword=GetPass

' Build and run command to execute on strComputer
strCommand = "cmd /c net use z: " & MyShare & " /user:%USERDOMAIN%\%USERNAME% " & strPassword & ">" & strRemoteLog
Set objProcess = objWMIService.Get("Win32_Process")
Call errProcess

' Copy script(s) from MyShare to HOST2 since psexec cannot run scripts on shared drives
strCommand="cmd /c xcopy Z:scriptscleanpclocal.bat c:emp /V /C /I /Q /H /R /Y>>" & strRemoteLog
Call errProcess

' Change directory to c:emp
'strCommand="cmd /c cd c:emp>" & strRemoteLog
'Call errProcess

' Start PSEXEC against script
strCommand="cmd /c Z:psexec \%COMPUTERNAME% /accepteula -s -n 120 cmd /c c:empcleanpclocal.bat " & strUserID & ">>" & strRemoteLog
Call errProcess

' Rename logfile to include hostname, upload to share,  unmap networked drive, and delete script
strCommand="cmd /c REN " & strRemoteLog & " cleanpc-%COMPUTERNAME%.txt"
Call errProcess
strCommand="cmd /c MOVE /Y c:empclean*.txt Z:scriptsLOGS"
Call errProcess
strCommand="cmd /c net use * /del /Y"
Call errProcess
strCommand="cmd /c del c:empclean*.bat /q"
Call errProcess

WScript.Quit





' ***********
' APPENDIX
' Subroutines, functions
' ***********

' **SUBROUTINES**
'strCommand="cmd /c dir z:scripts>" & strRemoteLog ' Works to get dir of z:scripts

' Function to handle errReturn
Sub errProcess
WScript.Echo "strCommand=" & strCommand
errReturn = objProcess.Create(strCommand, null, null, intProcessID)

If errReturn = 0 Then
    Wscript.Echo "Process was started with a process ID: " & intProcessID
    WScript.Sleep 5000
Else
    Wscript.Echo "Process could not be started due to error: " & errReturn
End If
WScript.Echo

' Error return codes for Create method of the Win32_Process Class
' http://msdn.microsoft.com/en-us/library/windows/desktop/aa389388(v=vs.85).aspx
' 0=Successful Completion
' 2=Access Denied
' 3=Insufficient Privilege
' 8=Unknown failure
' 9=Path Not Found
' 21=Invalid Parameter

End Sub



' **FUNCTIONS**

' Subroutine to get masked password
Function GetPass
' Mask Passwords Using Internet Explorer
' Ensure you follow the technet.com instructions and create file password.htm
' http://blogs.technet.com/b/heyscriptingguy/archive/2005/02/04/how-can-i-mask-passwords-using-an-inputbox.aspx

Set objExplorer = WScript.CreateObject _
    ("InternetExplorer.Application", "IE_")

objExplorer.Navigate "file:///C:SCRIPTSpassword.htm"   
objExplorer.ToolBar = 0
objExplorer.StatusBar = 0
objExplorer.Width = 400
objExplorer.Height = 350 
objExplorer.Left = 300
objExplorer.Top = 200
objExplorer.Visible = 1             

Do While (objExplorer.Document.Body.All.OKClicked.Value = "")
    Wscript.Sleep 250                 
Loop 

strPassword = objExplorer.Document.Body.All.UserPassword.Value
strButton = objExplorer.Document.Body.All.OKClicked.Value
objExplorer.Quit
Wscript.Sleep 250

If strButton = "Cancelled" Then
    Wscript.Quit
'Else
'    Wscript.Echo strPassword
End If

' Return the password
GetPass = strPassword

End Function

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...