Reputation: 2309
I have a batch file that runs a powershell script_1 that invokes another powershell script_2 with elevated credentials.
When I log into remote_server (Win Server 2012 R2, in WORKGROUP) and execute this batch script, it works perfectly.
When I log into host_server (Win Server 2012 R2, in WORKGROUP) and execute this batch script with psexec, it returns with an error code 0, but when I test whether this works, it is as if the powershell script_1 or script_2 never executed.
On the host_server, I will run a cmd shell, Shift-right-click and select "Run as different user".
Then for username I type in "Administrator", and then the password.
Then I execute the following:
D:\pstools\psexec.exe \\IP_of_remote_server -u username -p password -accepteula C:\share\enable.bat
And it executes with no error, and returns a code of 0.
enable.bat
@echo off
powershell.exe C:\share\eLEVATE.ps1
eLEVATE.ps1
$startInfo = $NULL
$process = $NULL
<#Previously created password file in C:\share\cred.txt, read-host -assecurestring | convertfrom-securestring | out-file C:\share\cred.txt#>
$password = get-content C:\share\cred.txt | convertto-securestring
$startInfo = New-Object System.Diagnostics.ProcessStartInfo
$startInfo.FileName = "powershell.exe"
$startInfo.Arguments = "-noninteractive -windowstyle hidden -noprofile C:\share\remote_elevate.ps1 "
$startInfo.RedirectStandardOutput = $true
$startInfo.UseShellExecute = $false
$startInfo.CreateNoWindow = $false
$startInfo.Username = "Administrator"
$startInfo.Domain = "WORKGROUP"
$startInfo.Password = $password
$process = New-Object System.Diagnostics.Process
$process.StartInfo = $startInfo
$process.Start() | Out-Null
$userId = $process.StandardOutput.ReadToEnd()
$process.WaitForExit()
remote_elevate.ps1
enable-psremoting -force
I have been trying to figure this out all morning. Thanks!
EDIT
I'm posting the exact screenshot of the errors I get when I enter
d:\pstools\psexec.exe \\remote_IP -u Administrator -p password -accepteula cmd
Then execute
powershell.exe -executionpolicy bypass c:\share\eLEVATE.ps1
Upvotes: 0
Views: 4495
Reputation: 36297
I am writing this as an answer since comments are not conveying what is needed with the limited formatting.
On the Host_server system bring up your command prompt as you described.
Enter the following command:
d:\pstools\psexec.exe \\remote_IP -u username -p password -accepteula cmd
The screen should display the following (Windows Version will be different since I ran this on Windows 7 Enterprise, and you will be doing it on Server 2012):
PsExec v1.98 - Execute processes remotely
Copyright (C) 2001-2010 Mark Russinovich
Sysinternals - www.sysinternals.com
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>
This is now a command prompt on the Remote_server. Anything executed from this prompt will not happen locally (host_server), but will happen on the remote_server computer. At this prompt enter the command:
powershell.exe -executionpolicy bypass c:\share\eLEVATE.ps1
Does that execute without errors? Does it do what it is supposed to?
Once you are finished with testing and are ready to close the command prompt on the remote_server system use the command:
exit
That will close the remote command prompt and will return you to your command prompt on the local computer (host_server).
PSExec will state a return code of 0, because CMD.exe closed normally. This does not reflect anything that PowerShell returned, only that cmd.exe on the remote system executed and closed normally.
Upvotes: 1
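The answer's last point, that PsExec's return code of 0 only reflects the remote cmd.exe, can be addressed by having each layer pass its result upward and log what the child process printed. The following is an added example, not code from either poster: a variant of eLEVATE.ps1 in which the log path C:\share\elevate.log and the exit codes 2 and 3 are assumptions chosen for illustration.

```powershell
# Added example (not from the original posts): eLEVATE.ps1 variant that reports failures.
# Run it with -File so that 'exit N' becomes powershell.exe's exit code, e.g. in enable.bat:
#   powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\share\eLEVATE.ps1
#   exit /b %ERRORLEVEL%
$ErrorActionPreference = 'Stop'
$logPath = 'C:\share\elevate.log'   # hypothetical log location

try {
    # cred.txt was written by ConvertFrom-SecureString without -Key, so it is
    # DPAPI-protected: only the same user on the same machine can decrypt it.
    $password = Get-Content 'C:\share\cred.txt' | ConvertTo-SecureString
} catch {
    'Could not read or decrypt cred.txt as {0}: {1}' -f $env:USERNAME, $_ | Out-File $logPath -Append
    exit 2
}

$startInfo = New-Object System.Diagnostics.ProcessStartInfo
$startInfo.FileName  = 'powershell.exe'
$startInfo.Arguments = '-NonInteractive -NoProfile -File C:\share\remote_elevate.ps1'
$startInfo.UseShellExecute        = $false
$startInfo.RedirectStandardOutput = $true
$startInfo.RedirectStandardError  = $true
$startInfo.UserName = 'Administrator'
$startInfo.Domain   = 'WORKGROUP'
$startInfo.Password = $password

$process = New-Object System.Diagnostics.Process
$process.StartInfo = $startInfo
try {
    $process.Start() | Out-Null
} catch {
    'Process start failed: {0}' -f $_ | Out-File $logPath -Append
    exit 3
}

# Read stderr asynchronously so a full pipe on one stream cannot block the other.
$stderrTask = $process.StandardError.ReadToEndAsync()
$stdout = $process.StandardOutput.ReadToEnd()
$process.WaitForExit()

"exit=$($process.ExitCode)", $stdout, $stderrTask.Result | Out-File $logPath -Append
exit $process.ExitCode
```

With this in place, a non-zero code reported by PsExec identifies which stage failed, and elevate.log holds the output and error text of remote_elevate.ps1.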