
WMIC: Run Batch Script Remotely

Tags:

batch-file

wmi

I've been trying to get a Jenkins deploy job to work by running a batch script to do the install of an MSI from the Jenkins build machine itself. I've given the appropriate access rights, but I am still not able to run the following command remotely using WMIC:

wmic /node:myServerIp /user:"clientpc\my-user" /password:"my-password" process call create "D:\someDir\someOtherDir\test.bat"

The following response from the above command:

Executing (Win32_Process)->Create()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 9;
};

After some research, it looks like return value of '9' is 'Path not found' according to https://msdn.microsoft.com/en-us/library/aa389388(v=vs.85).aspx, but I've verified that the path exists on the remote server.

The test.bat file that I'm trying to run is very simple, and should just write to a text file.

@echo This is a test.> test.txt

I've verified that both files exist on the server, and have granted 'EVERYONE' to the shared folder 'someDir'.

I have tried prefixing 'cmd.exe /c' to the path called:

wmic /node:myServerIp /user:"clientpc\my-user" /password:"my-password" process call create "cmd.exe /c D:\someDir\someOtherDir\test.bat"

...for which I receive:

Invalid Verb Switch.

I've verified that the user access is correct by providing a bad password, in which case permission is denied.

EDIT: Changed the path from D:\someDir\someOtherDir\test.bat to D:\\someDir\\someOtherDir\\test.bat but now receive the following error:

ERROR:
Description = The RPC server is unavailable.

EDIT 2: Looks like the RPC user I was using was the cause for the error. Still troubleshooting, but when I use my AD user, as opposed to the administrator I created to run this, I get the following AGAIN...

Executing (Win32_Process)->Create()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 9;
};
Matt asked Apr 13 '26 12:04


1 Answer

I was able to get the following to work on an Active Directory domain.

Wmic /node:"ComputerName" process call create "cmd.exe /c (net use o: /delete /y & net use o: \\Server\share /user:Domain\Administrator Password & o:\Dir\Subdir\test.cmd) >> c:\users\MyUser\testout2.txt"

The very simple contents of test.cmd:

echo Just a test >> c:\users\MyUser\testout.txt
date /t >> c:\users\MyUser\testout.txt
time /t >> c:\users\MyUser\testout.txt

The "job" is being sent to "ComputerName" on the domain. The batch/script file the job runs is on a network share. The job running on "ComputerName" will not see any mapped drives, so I delete and map a drive. I don't believe it is ever necessary to delete the drive, but I added that for completeness' sake.

After execution, testout2.txt shows the batch file executing the commands and testout.txt contains the results of the batch file commands as expected.

Things to watch out for:

  • As mentioned, mapped drives are not visible from the remote job
  • You are executing in the target machine's environment - drive letters need to make sense to that machine
  • Internal commands such as 'echo' require that the job starts with 'CMD.EXE /c'
  • Group multiple commands inside parentheses and separate with ampersands (&)
  • Don't collide file access. I use testout.txt and testout2.txt files. If I had given them the same name, one set of outputs would have been lost.
  • Nothing you do this way will ever be visible to the user; the job is run in such a way that it cannot display on the user's screen.
  • Sending a password in clear text as I show in the example is a security hazard and should be avoided. I'm not sure of a better way to map drives in this context, however.
trindflo answered Apr 16 '26 01:04
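
The clear-text password caveat above, turned into a check, as an added example that is not part of the original question or answer: a Python scanner that finds and masks inline passwords in the two command shapes shown on this page (the wmic /password: switch and the password argument of net use) when they appear in process command lines. The sample lines are constructed, and the names secret_spans, redact and SAMPLES are hypothetical.

```python
import re

# wmic global switch /password:VALUE (the value may be quoted).
WMIC_PASSWORD = re.compile(r'(?i)/password:("[^"]*"|[^\s"]+)')
# One "net use" invocation, up to the next cmd.exe separator or redirect.
NET_USE = re.compile(r'(?i)\bnet(?:\.exe)?\s+use\b([^&|)>]*)')
TOKEN = re.compile(r'"[^"]*"|\S+')
DEVICE = re.compile(r'(?i)^(?:[a-z]:|lpt\d:|\*)$')


def secret_spans(cmdline):
    """Return sorted (start, end, kind) for each inline password found."""
    spans = [(m.start(1), m.end(1), "wmic /password")
             for m in WMIC_PASSWORD.finditer(cmdline)]
    for use in NET_USE.finditer(cmdline):
        for tok in TOKEN.finditer(use.group(1)):
            text = tok.group()
            # Switches, the device name and the UNC path are not secrets;
            # any other positional argument is the password field.
            if text.startswith(("/", "\\\\")) or DEVICE.match(text):
                continue
            start = use.start(1) + tok.start()
            spans.append((start, start + len(text), "net use password"))
    return sorted(spans)


def redact(cmdline):
    """Mask every detected secret so the line is safe to store or forward."""
    for start, end, _ in reversed(secret_spans(cmdline)):
        cmdline = cmdline[:start] + "<REDACTED>" + cmdline[end:]
    return cmdline


# Constructed process-creation command lines modelled on the page's commands.
SAMPLES = [
    r'wmic /node:myServerIp /user:"clientpc\my-user" /password:"my-password" '
    r'process call create "D:\someDir\someOtherDir\test.bat"',
    r'cmd.exe /c (net use o: /delete /y & net use o: \\Server\share '
    r'/user:Domain\Administrator Password & o:\Dir\Subdir\test.cmd)',
    r'wmic /node:"ComputerName" process call create "cmd.exe /c D:\dir\t.bat"',
]

if __name__ == "__main__":
    for line in SAMPLES:
        kinds = [kind for _, _, kind in secret_spans(line)]
        print(kinds or "clean", "|", redact(line))
```

The same functions can be run over build-server console output or process-creation audit records, since both the machine that launches wmic and the target that runs cmd.exe record the password in their command lines.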