
Create a process on a remote machine

We can use the [wmiclass] type accelerator to create a process, but it doesn't let us supply credentials, so it only works for connections made as the current user. We can get round that with a little .NET code: [wmiclass] is an accelerator for System.Management.ManagementClass, so we go back to basics and build the ManagementClass ourselves from a connection scope and a management path.

function new-process {
param (
 [string]$computer="localhost",
 [string]$procpath="C:\Program Files\Internet Explorer\iexplore.exe"
)

# The connection options carry the credentials. WMI rejects explicit
# credentials on a local connection, so only set them for a remote target.
$conopt = New-Object System.Management.ConnectionOptions

switch ($computer) {
 "."                 {break}
 "localhost"         {break}
 "$env:COMPUTERNAME" {break}
 default {
           $cred = Get-Credential
           $conopt.UserName = $cred.UserName
           $conopt.SecurePassword = $cred.Password
         }
}
# Ask for all the privileges the account holds (e.g. SeDebugPrivilege)
$conopt.EnablePrivileges = $true

# Scope = the namespace on the target machine, plus the connection options
$scope = New-Object System.Management.ManagementScope
$scope.Path = "\\$computer\root\cimv2"
$scope.Options = $conopt

# Path = the class we want inside that namespace
$path = New-Object System.Management.ManagementPath
$path.ClassName = "Win32_Process"

# Equivalent of [wmiclass]"\\$computer\root\cimv2:Win32_Process", but with credentials
$proc = New-Object System.Management.ManagementClass($scope, $path, $null)

# Create returns an object whose ReturnValue is 0 on success and whose
# ProcessId is the new process's PID on the target
$proc.Create($procpath)
}
The computer name and the path to the exe we want to run are given as parameters. We create a System.Management.ConnectionOptions object and, if we are targeting a remote machine, add the credentials to it. This doesn't work for the local machine: WMI refuses explicit credentials on a local connection and the connect fails. The switch is there to skip the credential prompt when the target is the local machine under any of its usual names (".", "localhost" or the actual computer name).
The scope (the namespace on the target machine, carrying the connection options) and the management path (the class name) are set, and then we create a new ManagementClass from them. We can then call the class's Create method to create the process. Check the ReturnValue on the object it returns: 0 means the process started and ProcessId holds its PID; anything else (for example 2 for access denied or 9 for path not found) means nothing was launched.
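The same technique, written out as an added example rather than the post's own function: the credential is passed in as a PSCredential instead of being prompted for, the scope is connected explicitly so authentication errors surface before Create is called, and the Create result is decoded into the documented Win32_Process.Create return codes. The function and parameter names (New-RemoteProcess, -Computer, -CommandLine, -Credential) are my own choices, not anything from the original post.

```powershell
# Added example (not the original post's code): Win32_Process.Create over DCOM
# with explicit credentials, via System.Management rather than [wmiclass].
function New-RemoteProcess {
    param (
        [Parameter(Mandatory)][string]$Computer,
        # Full command line. Quote the executable yourself if its path has spaces,
        # e.g. '"C:\Program Files\Internet Explorer\iexplore.exe"'
        [Parameter(Mandatory)][string]$CommandLine,
        # Hypothetical parameter: credential to connect with (ignored for local targets)
        [System.Management.Automation.PSCredential]$Credential
    )

    $conopt = New-Object System.Management.ConnectionOptions
    $conopt.EnablePrivileges = $true

    # WMI refuses explicit credentials on a local connection, so only supply
    # them when the target really is a remote machine.
    $isLocal = @('.', 'localhost', $env:COMPUTERNAME) -contains $Computer
    if ($Credential -and -not $isLocal) {
        $conopt.UserName       = $Credential.UserName
        $conopt.SecurePassword = $Credential.Password
    }

    # Scope = namespace on the target + connection options; Connect() makes
    # authentication or DCOM/firewall failures fail here, with a clear error,
    # instead of inside Create().
    $scope = New-Object System.Management.ManagementScope("\\$Computer\root\cimv2", $conopt)
    $scope.Connect()

    $path  = New-Object System.Management.ManagementPath('Win32_Process')
    $class = New-Object System.Management.ManagementClass($scope, $path, $null)

    # Win32_Process.Create(CommandLine, CurrentDirectory, ProcessStartupInformation, ProcessId)
    $result = $class.Create($CommandLine)

    # Return codes documented for Win32_Process.Create
    $codes = @{
        0 = 'Success'; 2 = 'Access denied'; 3 = 'Insufficient privilege'
        8 = 'Unknown failure'; 9 = 'Path not found'; 21 = 'Invalid parameter'
    }
    $rc = [int]$result.ReturnValue
    $status = if ($codes.ContainsKey($rc)) { $codes[$rc] } else { "Unknown ($rc)" }

    [pscustomobject]@{
        Computer    = $Computer
        ReturnValue = $rc
        Status      = $status
        ProcessId   = $result.ProcessId   # $null unless ReturnValue is 0
    }
}

# Usage (remote host name and account are placeholders):
# $cred = Get-Credential
# New-RemoteProcess -Computer 'server01' -Credential $cred `
#     -CommandLine 'C:\Windows\System32\cmd.exe /c whoami > C:\Temp\who.txt'
```

Two caveats worth knowing before using this against a remote machine. First, Win32_Process.Create cannot start an interactive process remotely: the process runs in the WMI provider host's non-interactive session under the supplied account, so launching iexplore.exe on a server will not put a browser window on anyone's desktop; redirect output to a file, as in the usage line, if you need to see results. Second, this is exactly the mechanism used for lateral movement, and on the target it leaves a distinctive trail: the new process is a child of WmiPrvSE.exe and is preceded by a network (type 3) logon for the account used, which is what endpoint detection rules for "WMI remote process creation" key on. From PowerShell 2.0 onwards, Invoke-WmiMethod -Class Win32_Process -Name Create -ComputerName ... -Credential ... does the same job in one line; the .NET version above is what that cmdlet is doing underneath.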
