Remote scripting authentication

Started by rmpf2

rmpf2

Remote scripting authentication   19 June 2020, 00:38

Hi,
I hope you are doing great in these difficult times.

I am doing some remote test with NS and realized that scripting is not working as expected (Column Name: displayName - Full logged name - VBScript / Response Error: Permission denied: 'GetObject'). I suppose it is because we are trying to do it through VPN connections.

I have noticed that you already implemented different types of authentication on Remote WMI and others like Remote Powershell, but not on some others like Remote Scripting, Remote Registry, Remote Services, etc ... Can you implement this as a feature request? Or have any clues on how to resolve the issue?

Thanks & Blessings.
SoftPerfect Support forum - Andrew avatar image

Re: Remote scripting authentication   19 June 2020, 09:28

The thing is, scripts cannot authenticate as such: they are just short programs running on your computer. They can however use the WMI system to make connections to remote computers.

The string passed to GetObject() defines the authentication parameters that will be used. You can set impersonationLevel, authenticationLevel and authority. It's a rather complex topic, so here are some MS docs on this:
rmpf2

Re: Remote scripting authentication   19 June 2020, 11:32

Thanks for the hint. That would solve the issue with the VBS script, but any idea on why the remote services does not return any value?

For example:
Item Name: Seclogon Service
Service name: seclogon
Property: Service Startup Type
Note: This one, and the others did work on premises, but not remotely (through VPN).
SoftPerfect Support forum - Andrew avatar image

Re: Remote scripting authentication   19 June 2020, 11:54

My best guess would be that your current user is not properly authenticated within the remote network.

You can see what error code is returned by running something like this in a command prompt:
sc \\server-name-or-ip query seclogon
It'll probably be 'Access is denied'. So you will need to configure your PC to join the domain over VPN, enabling you to log in as domain admin remotely.
rmpf2

Re: Remote scripting authentication   19 June 2020, 12:14

Actually the current user is logged in correctly but not authenticated within the remote network because the connection is with a locally created user on the VPN.

Yes, you are right, it is indeed a problem of access rights. That's why my first statement was referring to using an already implemented method of different types of authentication on Remote WMI for Remote Services to try to access the remote machine services with other user credentials.

Not all VPN connections are made with domain authenticated users.
SoftPerfect Support forum - Andrew avatar image

Re: Remote scripting authentication   19 June 2020, 12:26

It's not really possible to authenticate for Remote Services, I am afraid. As you can see, the sc command also offers no authentication options.

Instead you can use WMI, as it allows you to authenticate as a different user and run something like this:
SELECT StartMode FROM Win32_Service WHERE NAME = 'seclogon'
It will display the desired result.
rmpf2

Re: Remote scripting authentication   19 June 2020, 12:31

OK. I will try that. Thanks for your time and your patience.

Reply to this topic

Sometimes you can find a solution faster if you try the forum search, have a look at the knowledge base, or check the software user manual to see if your question has already been answered.

Our forum rules are simple:

  • Be polite.
  • Do not spam.
  • Write in English. If possible, check your spelling and grammar.

Author:

Email:

Subject

A brief and informative title for your message, approximately 4–8 words:

     

Spam prevention: please enter the following code in the input field below.

 **     **  **     **  **     **   ******    *******  
 ***   ***  ***   ***  ***   ***  **    **  **     ** 
 **** ****  **** ****  **** ****  **               ** 
 ** *** **  ** *** **  ** *** **  **         *******  
 **     **  **     **  **     **  **               ** 
 **     **  **     **  **     **  **    **  **     ** 
 **     **  **     **  **     **   ******    *******  

Message: