Invoke Command Calling a remote VBScript

Welcome Forums General PowerShell Q&A Invoke Command Calling a remote VBScript

This topic contains 3 replies, has 3 voices, and was last updated by

4 years, 1 month ago.

  • Author
  • #21047

    Points: 0
    Rank: Member

    I have a VBS Script located on a Network Share in the same Domain. It's function to uninstall all versions of Java it detects through a WMI Query,

    I want every computer in an OU to call the VB Script, so am using invoke-command with the Scriptblock parameter. However after loading cscript, Powershell then reports cscript error loading script "scriptpath" failed (Access is Denied). I have also tried enter-pssession and called the script from the remote computers prompt, with the same result.

    I am running the console as Administrator, and when I run the script locally the script runs successfully.

    Reading other forums it has been suggested, problem could be the Double Hop in that it is not using the same credentials I open the console with. (ie no permissions to share drive) I have tried running the command with Credentials as well.

    Trial and error is failing, I need to be pointed in the right direction......

  • #21048

    Points: 1,785
    Helping HandTeam Member
    Rank: Community Hero

    This is a multi-hop authentication issue.

    You are on Machine A.

    You remote to Machine(s) B, which is one "hop." You tell Machine(s) B to execute a command.

    The command requires Machine(s) B to access a file on Machine C. That is a second "hop." The problem is, your credential cannot be delegated further, and so Machine(s) B present a null identifier to the file server. If you can modify the file server to allow anonymous connections, this might work. Otherwise, you would need to enable multi-hop delegation. How you do that depends a lot on your environment – if everything is 2008+ and Vista+, you can enable CredSSP on your machine and on Machine(s) B, although that can be time-consuming to do manually on a lot of machines.

    Providing credentials doesn't change the way this works.

  • #21055

    Points: 0
    Rank: Member


    Thanks for your assistance I have successfully run the VBScript using invoke-command to one computer by enabling the Server role with the WSManCredSsp Cmdlet on the Remote Computer. As you inferred in your email the next problem I face, is how the Server role is deployed to the rest of the enterprise.


  • #21069

    Points: 24
    Team Member
    Rank: Member

    Hi Andy,

    I think it would better if you would invest the time to rewrite the VBScript as PowerShell script. Once it is a PowerShell script you can run the script without enabling CredSSP which is a security risk for an enterprise.

    Invoke-Command -ComputerName MachineA, MachineB, MachineC -FilePath \\unc\JavaUninstallScript.ps1

    Above Invoke-Command will read the full script from the UNC path using your credentials on the machine where you have the interactive PowerShell window open and the cmdlet will submit it as script block to the remote computers.


The topic ‘Invoke Command Calling a remote VBScript’ is closed to new replies.