Author Posts

September 18, 2017 at 9:58 pm

Hey Everyone,
I made some progress but I am still getting "Access is denied" error codes coming back from computers. Anyone have suggestions? The underlines have script in them I have just removed for security purposes.
Rocky
foreach ($pc in (get-adcomputer -searchbase "OU=Laptops,OU=Computers,OU=_____, OU=NA, OU=Regions, DC=___, DC=____, DC=___" -filter *|where{$_.enabled}).Name) {
$pc
invoke-command -ComputerName $pc -scriptblock {Start-Process -FilePath "\\_____\temp$\CC\CCleaner64.exe" -ArgumentList "/CLEANER /AUTO"}
}

September 27, 2017 at 12:02 pm

If you run this for just one computer does it work? Is it all computers failing? You should also look at the double hop problem as the path you are using in invoke-command looks to be remote to the system you are remoting to.

September 27, 2017 at 8:24 pm

Hey Rocky

Inovke-Command is very powerful if you set up your environment with WinRM PSRemoting and set-Executionpolicy set to 'RemoteSigned'.
It can also fan out your command across the whole network in parallel. But if you haven't got it working you can always use Invoke-WmiMethod as below. Be aware that this command doesn't like UNC path that begins with \\. It uses the local path on the remote machine. In your case, CCleaner would have already been installed. So, just use the local path (absolute path).

$Computers = Get-DdComputer -SearchBase "OU=Laptops,OU=Computers,OU=_____, OU=NA, OU=Regions, DC=___, DC=____, DC=___" -filter *|where{$_.enabled}).Name)
Foreach($PC in $Computers){
    Write-Output $PC
    Invoke-WmiMethod Win32_Process -Name Create -ArgumentList 'C:\temp\CC\CCleaner64.exe "/CLEANER /AUTO"' -ComputerName $PC
}

September 27, 2017 at 8:28 pm

Correction:
$Computers = (Get-AdComputer -SearchBase "OU=Laptops,OU=Computers,OU=_, OU=NA, OU=Regions, DC=_, DC=_, DC=_" -Filter * | where{$_.enabled}).Name

September 27, 2017 at 9:46 pm

All computers are failing with script.

September 27, 2017 at 10:52 pm

Ok if all are failing try something simple that is non destructive 1st like "Get-Service -Name BITS"

foreach ($pc in (get-adcomputer -searchbase "OU=Laptops,OU=Computers,OU=_____, OU=NA, OU=Regions, DC=___, DC=____, DC=___" -filter *|where{$_.enabled}).Name) {
    $pc
    invoke-command -ComputerName $pc -scriptblock {Get-Service -Name BITS}
}

If this still fails concentrate on one computer 1st and try a enter-pssession and see if remoting works and get that working.