Powershell - WinRM - Map a drive with remote credentials - networking

Is there a way to use WinRM to map a drive on a remote machine with the credentials of the session logged in on that remote machine, WITHOUT prompting the user to input their credentials?
Edit: This machine is on an AD domain, so ideally using the existing auth ticket would be nice.

See How to Run PowerShell Commands on Remote Computers on how to run PS commands remotely, then Powershell: how to map a network drive with a different username/password on the specific command you need.

Related

What is the configuration for setting up MySQL workbench with an AWS Bitnami instance?

I am having some issue with connecting the pipes between MySQL Workbench and my Bitnami Wordpress instance on AWS (using ssh). I have read and attempted the docs several times, I don't know what is going on.
I have successfully ssh-ed via the command line using ssh -i my_key_file bitnami@IP-Address.
However, I cannot get it to work for MySQL Workbench.
| Field | Value |
| --- | --- |
| SSH Hostname | IP-Address |
| SSH Username | bitnami |
| SSH Key File | <path-to-key-file> |
| MySQL Hostname | 127.0.0.1 |
| MySQL Server Port | 3306 |
| MySQL username | root |
The path to key-file is correct as it works for other AWS instances. And the SSH hostname and SSH username get my access via the terminal - so I would assume these are fine?
When I test the connection, I am prompted for a password. Everywhere online suggests that this password is the admin password used for the Wordpress account (accessible via the system logs). I have this password. However, this doesn't get me in.
The attempted connection returns the error: Failed to Connect to MySQL at 127.0.0.1:3306 through SSH tunnel at bitnami@IP-Address with user root
Any help would be appreciated
I have read and attempted the docs several times, I don't know what is going on.
I guess you are referring to this documentation
Could you try to reset the password for the root user as described in the guide below?
https://docs.bitnami.com/aws/components/mysql/#how-to-reset-the-mysql-root-password
Once you have restarted it and you have chosen a new one, use this new password on the Workbench.

In Minishift, Web Console API path not changed to public domain setting

My case would be, I would like to share my minishift instance to my intranet network.
It looks like there is no option to choose the network / IP, e.g. if you try to set the virtualbox network interface to "bridge", it would just fail.
So I would like to setup port forwarding, e.g. http://blog.brianjohn.com/forwarding-ports-in-os-x-el-capitan.html
In this case I am able to access the web console, e.g. redirect port of machine IP:PORT to 192.168.64.4:8443 (minishift)
But all the API, e.g. "https://192.168.64.4:8443/api/v1" are still using the internal IP, which of course cannot be accessed externally.
Is there any way to make it work properly?
When I need to access minishift from other hosts, I use SSH tunneling.
First you need to enable SSH access in your OSX and make sure you enable AllowTcpForwarding. Then create another user on your laptop to log in via SSH.
From other hosts you need to log in using SSH with the following command:
ssh -L 8443:192.168.64.4:8443 user@<you_laptop_IP_address>
Keep the user logged in so that you can access your minishift web console using a browser at https://localhost:8443

Jenkins ssh without password

In order to automate build on a server, I had to do the following:
Make a user with root access on the destination server
Add rsa-gen public key to authorized_keys of destination server, for passwordless login.
Created script with 1st command being ssh user@dest.
The problem we are facing is that command execution still asks for sudo... How do we achieve this in a script or otherwise?
There is a plugin to make this simple.
SSH plugin can take server details along with credentials and can handle all of it for us.
To use it, follow these steps:
Install SSH plugin on your Jenkins from Manage plugins.
Go to configure system, add under SSH remote hosts.
Add all the details required to connect to server.
In your job, add build step - Execute shell script in remote host using ssh.

Unable to access network printers from windows service which runs under LocalSystem account

We are setting up a Windows Service that will need to have access to network printers. I get all the network printers from the below code from console application which by default runs with my domain credentials. However, from my Windows service which runs under LocalSystem Account the below code fails to get the network printers. If I change the windows service to run with domain credentials instead of LocalSystem, then it works. I need to understand what will be the solution to get all the network printers when the service is still running under LocalSystem account.
System.Drawing.Printing.PrinterSettings.InstalledPrinters;
IIRC, LocalSystem doesn't have access to network resources by design. It only has access, and a rather high access at that, for the local computer.

IIS 7 remote administration via C#

I have been looking into the Microsoft.Web.Administration.dll and the ServerManager class, trying to control our Windows Server 2008 IIS 7 instance.
I have enabled remote administration and can connect via the IIS remote administration tool. However, when I try and use the following, I cannot connect:
ServerManager.OpenRemote(serverName);
This class does not allow me to specify a username and password on the remote IIS 7 server, as the IIS remote administrator tool does.
This is all being called via our build process using NAnt.
How do others control their remote IIS 7 server as part of their CI setup?
You will need to run the application under a domain user (Active Directory user) that has the right permissions to change the configuration files.
Windows authentication will do the rest.
As Oded says, you need Active Directory to be able to open a connection to a remote server using ServerManager.
Assuming you have administrator RDP access to the server, there is an alternative, which is to use WinRM and Remote PowerShell (works best with PowerShell 2.0 which comes with the latest version of WinRM) in your build scripts:
Windows Remote Management Command-Line Tool (Winrm.cmd)
To quickly configure WinRM for two machines that are not in a domain:
Client:
winrm quickconfig (just say yes)
winrm set winrm/config/Client/Auth '@{Basic="true"}'
:: Only do this next line if not using HTTPS
winrm set winrm/config/Client '@{AllowUnencrypted="true"}'
winrm set winrm/config/Client '@{TrustedHosts="hostname_or_ip"}'
Server:
winrm quickconfig (just say yes)
winrm set winrm/config/Service/Auth '@{Basic="true"}'
:: See: http://support.microsoft.com/kb/2019527 regarding https
winrm quickconfig -transport:https
:: Only do this if not using HTTPS AND you are happy about sending credentials
:: in clear text.
winrm set winrm/config/Service '@{AllowUnencrypted="true"}'
Now there are some caveats. WinRM will punch a hole in Windows Firewall for ports 5985 and 5986 for the listener (if running Windows Server 2003 it'll use port 80 and 443). This may not be to your liking and you'd probably best speak to your network admins about how to secure that.
Once you have WinRM configured you'll need a user account configured on the remote server that is a member of the administrators group. Once done you can then test. On the build server:
# the following line will prompt for a username and password, enter the name of the account
# you just configured on the IIS box
$cred = Get-Credential
# next test the connection
Test-WSMan -ComputerName <server_name_or_ip> -Authentication default `
-Credential $cred
If all is good you should see the following response:
wsmid : http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.x
sd
ProtocolVersion : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
ProductVendor : Microsoft Corporation
ProductVersion : OS: 6.1.7600 SP: 0.0 Stack: 2.0
The next thing is to connect to a remote PowerShell session:
Enter-PSSession <server_name_or_ip_address> -Authentication default -Credential $cred
If this is successful you should have a PowerShell prompt on the remote machine.
Using Remote PowerShell you can then load the WebAdministration Provider for PowerShell and manipulate many aspects of IIS to your heart's content:
Web Administration (IIS) Provider for Windows PowerShell
To connect to the remote server you need to provide a PSCredential object. As mentioned above you would provide this using:
$cred = Get-Credential
However, this always demands some interaction from the keyboard to provide a username and password. Obviously this is no good for automated CI.
You can however store the password in a file. To do this run the following just once (or whenever the password changes):
read-host -assecurestring | convertfrom-securestring | out-file C:\securestring.txt
Then when you need to create your PSCredential to authenticate to the remote server:
$username = "deployment_user"
$password = cat C:\securestring.txt | convertto-securestring
$cred = new-object -typename System.Management.Automation.PSCredential `
-argumentlist $username, $password
$serverNameOrIp = "192.168.1.1"
Enter-PSSession $serverNameOrIp -Authentication default -Credential $cred
The above script was sourced from the following blog entry but I've duplicated to preserve here just in case that article goes dark:
Using PSCredentials without a prompt - GeeksWithBlogs (archive.org)
Anyway, so once you're connected to the remote server you can issue further commands such as:
Import-Module WebAdministration
CD IIS:\Sites
And so on.
Most of the above should be approached with caution if this machine is internet facing and the only way to access is via the internet. If this is the case consider restricting the WinRM ports to VPN only.
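An added example (not part of the answer above and not Microsoft's own tooling): a PowerShell check that reads the WinRM settings changed by the winrm set commands in that answer and reports the ones still in a relaxed state. The function names Get-WinRMSettings and Test-WinRMSettings and the sample table are assumptions made for illustration.

```powershell
# Added example. Function names and the sample table are illustrative assumptions.

function Get-WinRMSettings {
    # Reads live values through the WSMan: provider (needs the WinRM service
    # running and an elevated prompt). Values come back as 'true'/'false' strings.
    $paths = 'Service\Auth\Basic', 'Service\AllowUnencrypted',
             'Client\Auth\Basic', 'Client\AllowUnencrypted', 'Client\TrustedHosts'
    $settings = [ordered]@{}
    foreach ($p in $paths) {
        $settings[$p] = (Get-Item -Path "WSMan:\localhost\$p").Value
    }
    $settings
}

function Test-WinRMSettings {
    param([Parameter(Mandatory)] [System.Collections.IDictionary] $Settings)

    $findings = @()
    foreach ($side in 'Service', 'Client') {
        $basic = [string]$Settings["$side\Auth\Basic"] -eq 'true'
        $clear = [string]$Settings["$side\AllowUnencrypted"] -eq 'true'
        if ($basic -and $clear) {
            $findings += "${side}: Basic + AllowUnencrypted sends the password base64-encoded in clear text; use an HTTPS listener and set AllowUnencrypted to false"
        } elseif ($clear) {
            $findings += "${side}: AllowUnencrypted is true; set it back to false"
        } elseif ($basic) {
            $findings += "${side}: Basic auth is enabled; acceptable only over HTTPS (port 5986)"
        }
    }
    $trusted = [string]$Settings['Client\TrustedHosts']
    if ($trusted -match '\*') {
        $findings += "Client: TrustedHosts '$trusted' contains a wildcard; list specific hosts instead"
    } elseif ($trusted) {
        $findings += "Client: TrustedHosts '$trusted' means credentials go to these hosts without authenticating the server; prefer HTTPS or Kerberos"
    }
    $findings
}

# Constructed sample: the state left behind by the non-HTTPS commands shown above.
$sample = @{
    'Service\Auth\Basic' = 'true'; 'Service\AllowUnencrypted' = 'true'
    'Client\Auth\Basic'  = 'true'; 'Client\AllowUnencrypted'  = 'true'
    'Client\TrustedHosts' = 'hostname_or_ip'
}
Test-WinRMSettings -Settings $sample

# On a real host: Test-WinRMSettings -Settings (Get-WinRMSettings)
```

Run it on both the build server and the IIS box; an empty result means none of the checked settings is relaxed.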
I wrote a WCF service in the end, which runs on the remote machine as a service. The service runs under a local account with administrator rights so that the local IIS instance on that machine can be changed.
From my NAnt script I have a series of custom tasks that communicate to the WCF service and change IIS settings as required.
As this is an internal dev environment I am not too concerned about security and the actual changes to IIS I am allowed are very basic.
