Monitoring and maintaining large-scale, complex, highly distributed and interconnected systems can be extremely challenging for network administrators. Traditional IT management approaches are ill-equipped to handle the complexity of today's application architectures and deployment environments. An IT admin commonly supports hundreds of machines in an enterprise network every day, and physically walking to each machine to issue a simple command is not acceptable. Being able to execute system commands remotely without much additional pre-configuration is therefore always a welcome solution.
In this blog post, we are going to discuss how to use two remote command execution tools, PowerShell and PsExec. We will show how to use each of these tools to remotely execute command line tools, using two OPSWAT products, OESIS Diagnose and Metascan Client, for our examples.
OESIS Diagnose is a troubleshooting tool for the OESIS project. It leverages OESIS Local functionality internally and provides necessary information and visibility to the OPSWAT engineering team. Metascan Client is a GUI-based utility that connects to the Metascan server and performs on-demand scan function calls.
*These steps are provided under the assumption that the user domain is in a protected network and that the command is being triggered by the system administrator.
Introduction:
PowerShell is provided by Microsoft as a replacement for the command shell, bringing advanced scripting to Windows. It provides full access to COM and WMI and enables administrators to run system commands on both local and remote Windows systems. Previously, PowerShell was packaged as a separate add-on to Windows, marketed mainly to server administrators. Starting with Windows 7, PowerShell is a built-in part of the operating system, giving this capability to all Windows users.
Step by step usage for OESIS Diagnose:
PS C:\Windows\system32> Enable-PSRemoting -force
PS C:\Windows\system32> Set-Item wsman:\localhost\Client\TrustedHosts -value 10.0.X.X
PS C:\Windows\system32> Set-ExecutionPolicy RemoteSigned
#Predefine necessary information
#Create credential object
#Create session object with this
#Invoke-Command
#Close Session
PS C:\Windows\system32> ./remoteLaunchOESISDiagnose.ps1
Step by step usage for Metascan Client:
#Predefine necessary information
#Create credential object
#Create session object with this
#Invoke-Command
#Close Session
PS C:\Windows\system32> ./remoteLaunchMetascanClient.ps1
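The five-step outline used for both remoteLaunch scripts above, filled in as one added example; it is not OPSWAT's original script, whose body is not shown on this page. The function name Invoke-RemoteTool and its parameters are assumptions, the executable paths and Metascan Client arguments are the ones used in this post's PsExec commands, and the credential is prompted for rather than stored in the file.

```powershell
# Added example, not OPSWAT's script. Invoke-RemoteTool and its parameters are assumed names.
function Invoke-RemoteTool {
    param(
        [Parameter(Mandatory = $true)] [string] $ComputerName,
        [Parameter(Mandatory = $true)] [string] $ExePath,
        [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] $Credential,
        [string[]] $Arguments = @()
    )

    # Create session object with this credential; stop if the connection fails
    $session = New-PSSession -ComputerName $ComputerName -Credential $Credential -ErrorAction Stop
    try {
        # Invoke-Command: run the tool remotely and return its console output and exit code
        Invoke-Command -Session $session -ArgumentList $ExePath, $Arguments -ScriptBlock {
            param($exe, $exeArgs)
            if (-not (Test-Path -LiteralPath $exe)) { throw "Not found on remote host: $exe" }
            $output = & $exe @exeArgs 2>&1
            New-Object PSObject -Property @{ ExitCode = $LASTEXITCODE; Output = $output }
        }
    }
    finally {
        # Close session, even when the remote command throws
        Remove-PSSession -Session $session
    }
}

# Predefine necessary information (placeholder addresses, as in the post)
$target = '10.0.X.X'

# Create credential object: prompt for it so no password is stored in the script
$cred = Get-Credential

# OESIS Diagnose
Invoke-RemoteTool -ComputerName $target -Credential $cred `
    -ExePath 'C:\OESISLocalPackage\OesisDiagnose_V3.exe'

# Metascan Client scan (same arguments as the PsExec command in this post)
Invoke-RemoteTool -ComputerName $target -Credential $cred `
    -ExePath 'C:\MetascanClientPackage\MetascanClient.exe' `
    -Arguments 'server=10.0.Y.Y:8008/metascan_rest', 'auto_start=1', 'allowed_scan_levels=1'
```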
Limitations:
Both the OESIS Diagnose and Metascan Client scan functions can be executed remotely via PowerShell, but PowerShell fails to launch the Metascan Client UI on the remote machine. This is because an interactive desktop session is not started when a machine is accessed remotely via PowerShell. For security reasons, users can only see applications that are opened within their own interactive sessions. Basically, every Windows operating system thinks it's a Terminal Server, and Windows does not want users opening applications that other users could possibly see. Windows assumes that multiple users will be using the machine, so it isolates these applications for a number of obvious security reasons.
Introduction:
PsExec is a command line tool that executes processes on a remote system and transfers the results of operations to the local console. It has a long list of optional parameters that allow a great deal of flexibility for IT administrators. The key feature of PsExec is that it lets users run a script or application within the security context of either the currently logged-on user or a user provided during program initialization.
Step by step usage for OESIS Diagnose:
C:\whereYouSavePsExec>PsExec.exe \\10.0.X.X -u username -p password C:\OESISLocalPackage\OesisDiagnose_V3.exe
Step by step usage for Metascan Client:
C:\whereYouSavePsExec>PsExec.exe \\10.0.X.X -u username -p password C:\MetascanClientPackage\MetascanClient.exe server="10.0.Y.Y:8008/metascan_rest" auto_start=1 allowed_scan_levels=1
Limitations:
PsExec does not come natively with the Windows operating system; users have to download the PsTools package separately (an extra 1.6 Mb folder). PsExec does not provide an easy way for users to access network resources on the remote machine, due to the input argument being limited to 256 characters. Some older versions such as v1.73 and v1.82 have some serious problems with programmatic redirection of StdOut over named pipes.
Notes: The Microsoft website states that "some anti-virus engines report that one or more of the tools are infected with a 'remote admin' virus." But, according to the latest scan result from Metascan Online, no antivirus engines detected the PsTools package as a threat.
Summary:
Both PowerShell and PsExec have advantages and disadvantages for network administrators. When it comes down to it, there is really no good or bad choice between PowerShell and PsExec; it largely depends on which system management tools IT administrators decide to select. The best option for novice users would be PsExec, considering it's the easiest to start out with and allows you to run CLI-based executables remotely and take advantage of the full feature set.
Announcement: Metascan Client is now Metadefender Client as part of our streamlined Metadefender Product Family. Check out the blog announcement to learn more.