Accessing cmd remotely using PowerShell

Question

I need to run a couple of bcdedit commands on a remote computer's cmd using a PowerShell script that runs on my computer. I am able to create a PSSession but I'm not sure how I can run cmd on the remote computer. When I run the code in the 'Invoke-Command' line, I get an error Connection to remote server failed with the following error message: Access is denied. When I just run Invoke-Command, I am prompted to enter the ScriptBlock, but when I do, I get yet another error: "Cannot bind parameter 'ScriptBlock' Cannot convert the "cmd /c 'bcdedit /copy {current} /d "Description"'} value of type System.String to type System.Management.Automation.ScriptBlock

I have never worked with PowerShell before. I need to do this in a couple of hours, and I am absolutely clueless right now.

Enable-PSRemoting -Force
Set-Item WSMan:\localhost\Client\TrustedHosts $ip -Concatenate -Force
$session = New-PSSession -ComputerName $ip -Credential $cred -ConfigurationName $config -UseSSL -SessionOption $sessopt

#problematic code
Invoke-Command -ComputerName $ip -ScriptBlock {cmd /c 'bcdedit /copy {current} /d "Description"'}

#works fine
Restart-Computer -ComputerName $ip -Force
ping.exe -t $ipaddr | Foreach{"{0}-{1}" -f (Get-Date -f "yyyy/MM/dd HH:mm:ss"), $_}

Assume that $ip, $ipaddr, $config, $sessopt and $cred store valid parameters.

why invoke cmd when you can just do that in powershell? `-ScriptBlock { bcdedit /copy {current} /d "Description" }` — phuclv, Jun 30 '21 at 00:14
Because bcdedit /copy {current} /d "Description" doesn't work in powershell. It only works in cmd — pesky_programmer, Jun 30 '21 at 00:16
it should work, powershell obviously can run any exe files. But probably you need to quote `{}` because those are special characters: `-ScriptBlock { bcdedit /copy `{current}` /d "Description" }` — phuclv, Jun 30 '21 at 01:10

mklement0 · Answer 1 · 2021-06-30T14:11:06.007

2

You can run bcedit.exe directly in PowerShell, but because in PowerShell { and } are metacharacters, you need to quote identifiers such as {current}:
- bcdedit /copy '{current}' /d 'Description'
- See this answer for a discussion and list of PowerShell's metacharacters.
If you get an error on connecting to a remote computer, the implication is that your user account either doesn't have sufficient privileges to connect remotely or the target computer isn't set up for PowerShell remoting.
- Note that Enable-PSRemoting -Force must be run on the target (server) machine, not on the calling (client) machine.
- See the conceptual about_Remote_Troubleshooting topic.
- The Restart-Computer cmdlet's -ComputerName parameter does not use PowerShell remoting, so the fact that it succeeds does not imply that PowerShell remoting, such as via Invoke-Command, works.

When I just run Invoke -Command, I am prompted to enter the ScriptBlock

PowerShell's automatic prompting feature for mandatory parameter values that weren't specified on the command line has severe limitations, and not being able to prompt for a script-block parameter value is one of them - see GitHub issue #4068; however, this additional problem is incidental to your real problem.

edited Jun 30 '21 at 14:11

answered Jun 30 '21 at 01:38

mklement0

382,024
64
607
775

Unfortunately, I still can't get my Invoke-Command to work, and still gives me the "Access Denied" error. What is strange is that I am able to run Enter-PSSession and remotely access the same computer. Is there an alternative for Invoke-Command? – pesky_programmer Jun 30 '21 at 04:08
Also, is there no way, other than the one I used, to make cmd run remotely? I think my manager expects me to use that – pesky_programmer Jun 30 '21 at 04:09
@pesky_programmer cmd was made long long ago with significant DOS compatibility so it has very limited capabilities. It can't run commands remotely and you must use some 3rd party solutions like [psexec](https://learn.microsoft.com/en-us/sysinternals/downloads/psexec). PowerShell OTOH is based on .NET and can do anything .NET can do. Just avoid cmd these days – phuclv Jun 30 '21 at 08:05
@pesky_programmer, there is no need to involve `cmd.exe` here, and your problem is unrelated to it. Instead, you seem to be having a problem with your PowerShell remoting setup. The `psexec` utility mentioned by phuclv is an alternative that _may_ work for you without additional setup, but you have to install it (on the calling computer) first. – mklement0 Jun 30 '21 at 13:59
For the sake of completeness, there _is_ a `cmd.exe` remoting solution similar to PowerShell's - based on `winrs.exe` and [Windows Remote Management](https://learn.microsoft.com/en-us/windows/win32/winrm/installation-and-configuration-for-windows-remote-management) - but its requirements are similar to PowerShell's, so you may as well set up PowerShell's remoting, which gives you vastly more capabilities. /cc @phuclv. – mklement0 Jun 30 '21 at 14:00

score 0 · Answer 2 · answered Jul 03 '21 at 00:45

Thanks for all the suggestions, I was able to fix the error by adding -Credential to the Invoke-Command and Restart-Computer commands:

#problematic code
Invoke-Command -ComputerName $ip -Credential $cred -ScriptBlock {cmd /c 'bcdedit /copy {current} /d "Description"'}
Restart-Computer -ComputerName $ip -Credential $cred -Force

Accessing cmd remotely using PowerShell

2 Answers2

Linked