Manage Windows networks using scripts - Part 6: First steps for remote scripting

Manage Windows networks using scripts - Part 6: First steps for remote scripting Picture 1   Part 1: Basic concepts
Manage Windows networks using scripts - Part 6: First steps for remote scripting Picture 2   Part 2: Complete the script
Manage Windows networks using scripts - Part 6: First steps for remote scripting Picture 3   Part 3: Understanding WMI
Manage Windows networks using scripts - Part 6: First steps for remote scripting Picture 4 Part 4: Use Win32_NetworkAdapterConfiguration
Manage Windows networks using scripts - Part 6: First steps for remote scripting Picture 5 Part 5: Overcoming challenges

Mitch Tulloch

Learn remote scripting techniques (write scripts that run on remote machines) using the WMI Win32_NetworkAdapterConfiguration class that was introduced in the previous section.

Go back to the ChangeIPAddress.vbs script that we developed in the previous sections to change the IP address of a network adapter:

Option Explicit
Dim objWMIService
Dim objNetAdapter
Dim strComputer
Dim strAddress
Dim arrIPAddress
Dim arrSubnetMask
Dim colNetAdapters
Dim errEnableStatic

If WScript.Arguments.Count = 0 Then
Wscript.Echo "Usage: ChangeIPAddress.vbs new_IP_address"
WScript.Quit
End If

strComputer = "."
strAddress = Wscript.Arguments.Item (0)
arrIPAddress = Array (strAddress)
arrSubnetMask = Array ("255.255.255.0")
Set objWMIService = GetObject ("winmgmts:" & strComputer & "rootcimv2")
Set colNetAdapters = objWMIService.ExecQuery ("Select * from Win32_NetworkAdapterConfiguration where IPEnabled = TRUE")
For Each objNetAdapter in colNetAdapters
errEnableStatic = objNetAdapter.EnableStatic (arrIPAddress, arrSubnetMask)
next

Note that comments have been removed and the code at the end shows the results.

Take a quick look at the operation of this script:

1. Connect to namespace rootcimv2 on the local machine.
2. Use a SELECT command to return a set of network adapter configurations with TCP / IP contour and permission to use.
3. Change the adapter IP address to the value described in the command line parameter.

We recorded this script in the C: localtest directory on a Windows XP machine with a static IP address of 172.16.11.43. Then open the Command Prompt command line as an admin on the machine and use this script to change the IP address of the machine to 172.16.11.54:

C: locatest> ipconfig

Windows IP Configuration

 

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix.:
IP Address. . . . . . . . . . . . : 172.16.11.43
Subnet Mask. . . . . . . . . . . : 255.255.255.0
Default Gateway.........: 172.16.11.1

C: locatest>ChangeIPAddress.vbs 172.16.11.54
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001.All rights reserved.

 

C: locatest> ipconfig

Windows IP Configuration

 

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix.:
IP Address. . . . . . . . . . . . : 172.16.11.54
Subnet Mask. . . . . . . . . . . : 255.255.255.0
Default Gateway.........: 172.16.11.1

C: locatest>

Note 1: Remember, to change the IP address on a Windows XP machine requires the use of local administrator privileges. Therefore, if you are currently logged in as a normal domain user, you need to open the Command Prompt window, then type: runas / user: administrator cmd.exe to open a second Command Prompt window run in the context of the local admin role and finally run the script from this second Command Prompt window.

But what if I wanted to run the script on one machine and use it to change the IP address of another computer? In other words, how do we want to run the script remotely on a remote Windows XP machine?

First try

Let's start by logging into an admin workstation xp.contoso.com, using the credentials of an admin account called Mary Jones. We need to do this because domain administrators have local administrative privileges on all machines in the domain. Therefore, when running the script from the admin station on a remote machine, the script will work.

Now we have the ChangeIPAddress.vbs script in the folder C: tools at the admin station xp.contoso.com. Open the Command Prompt command window on this machine and type the following two lines:

C: Documents and Settingsmjones>cd tools
C: tools> notepad ChangeIPAddress.vbs

The script is opened in Notepad, change the line below:

strComputer = "."

into:

strComputer = "xp2"

Then go to File / Save to record changes and close Notepad. Now run the script:

C: tools>ChangeIPAddress.vbs 172.16.11.65
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001.All rights reserved.

C: toolsChangeIPAddress.vbs (20, 1) Microsoft VBScript runtime error: The remote server does not exist or is unavailable: 'GetObject'

 

C: tools>

Note that it will take a while before the above error message appears. But does the script work? If you log into the remote machine xp2.contoso.com, open the Command Prompt window and type ipconfig , the result will be:

C: locatest> ipconfig

Windows IP Configuration

 

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix.:
IP Address. . . . . . . . . . . . : 172.16.11.43
Subnet Mask. . . . . . . . . . . : 255.255.255.0
Default Gateway.........: 172.16.11.1

C: locatest>

You can see that the address of the device is still 172.16.11.43. Ie this script does not work.

So, what is wrong? The error message indicates that there is a problem with line 20 of the script. Line 20 has the form:

Set objWMIService = GetObject ("winmgmts:" & strComputer & "rootcimv2")

It seems that the script cannot connect to the WMI service on a remote machine. What is the cause?

Second attempt

We can do something with Windows Firewall on the remote computer.

Remember, Windows XP SP2 has a firewall that will remove almost all incoming traffic except for traffic that is configured separately. The easiest way to check this is to turn off Windows Firewall on the destination computers. Log in to xp2.contoso.com as an admin, open the Windows Firewall application in Control Panel and select the Off setting on the General tab.

Now run the script from the admin station:

C: tools> ChangeIPAddress.vbs 172.16.11.65 Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001.All rights reserved.

C: toolsChangeIPAddress.vbs (23, 6) SWbemObjectEx: The remote procedure call failed.

 

C: tools>

Another error, and it takes a long time for this error message to appear. But at least it is another error and is noted in line 23:

errEnableStatic = objNetAdapter.EnableStatic (arrIPAddress, arrSubnetMask)

Now, type ipconfig in the Command Prompt window on the remote machine, we have the following result:

C: locatest> ipconfig

Windows IP Configuration

 

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix.:
IP Address. . . . . . . . . . . . : 172.16.11.65
Subnet Mask. . . . . . . . . . . : 255.255.255.0
Default Gateway.........: 172.16.11.1

C: locatest>

It looks like the script is working! But still leaving two issues:

1. We don't want to turn off Windows Firewall on remote machines when we run this script on them. So, is it necessary to set an exception so that these machines allow remote scripting to run while still opening Windows Firewall.
2. What about the above RPC error? The script works but still returns an error. Why is that?

Exception for remote scripting

Re-open Windows Firewall on the remote machine, the script will not run. Now, from the Command Prompt window at the admin level, type gpedit.msc to open Local Group Policy and set the following policy settings (see Figure 1):

Computer Configuration Administrative TemplatesNetworkNetwork ConnectionsDomain ProfileWindows Firewall: Allow remote administration exception

Manage Windows networks using scripts - Part 6: First steps for remote scripting Picture 6
Figure 1: Policy setting Windows Firewall to allow remote administration

Double-click on this policy setting and allow it on the local subnet (Figure 2). Remember, the admin station must be on the same subnet as the destination computer.

Manage Windows networks using scripts - Part 6: First steps for remote scripting Picture 7
Figure 2: Allow remote administration exception

Note 2: Of course, you might want to do this a little differently and configure policy settings in a Group Policy Object (GPO) domain instead of locally. But if so, you cannot allow this exception on the local machine to run the firewall with the script.

Now, run the script from the admin station and try to change the remote machine's IP address from 172.16.11.65 to 172.16.11.66:

C: tools>ChangeIPAddress.vbs 172.16.11.66
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001.All rights reserved.

C: toolsChangeIPAddress.vbs (23, 6) SWbemObjectEx: The remote procedure call failed.

 

C: tools>

Again an error like this appears, but when typing ipconfig in the Command Prompt window on the remote machine, we get the following result:

C: locatest> ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix.:
IP Address. . . . . . . . . . . . : 172.16.11.66
Subnet Mask. . . . . . . . . . . : 255.255.255.0
Default Gateway.........: 172.16.11.1

C: locatest>

It worked! Thus, we can open Windows Firewall on the remote machine and use Group Policy to open an exception for remote administration in the firewall and remotely change the machine's IP address by running the script from an admin station. .

We have solved the first problem, what about the second problem?

The secret always has its own charm. Therefore, temporarily leave the second problem to the later part of the lesson.

Manage Windows networks using scripts - Part 6: First steps for remote scripting Picture 8 Part 7: Troubleshooting errors
Manage Windows networks using scripts - Part 6: First steps for remote scripting Picture 9 Part 8: Remote script error handling with Network Monitor 3.0
Manage Windows networks using scripts - Part 6: First steps for remote scripting Picture 10 Part 9: Understanding remote control scenarios
Manage Windows networks using scripts - Part 6: First steps for remote scripting Picture 11 Part 10: Tricks of remote control scenarios
Manage Windows networks using scripts - Part 6: First steps for remote scripting Picture 12 Part 11: Other script tricks
Manage Windows networks using scripts - Part 6: First steps for remote scripting Picture 13 Part 12: Properties of the WMI class
Manage Windows networks using scripts - Part 6: First steps for remote scripting Picture 14 Part 13: The script returns all values