Create a process on a remote machine
We can use the [wmiclass] accelerator to create a process, but it doesn't allow us to set the credentials used for the connection. We can get round that with a bit of .NET code. [wmiclass] is an accelerator for System.Management.ManagementClass, so we go back to basics and build the connection, scope and class objects ourselves:
function new-process {
    param (
        [string]$computer = "localhost",
        [string]$procpath = "C:\Program Files\Internet Explorer\iexplore.exe"
    )
    # Connection options carry the credentials (and privilege settings) for the DCOM connection
    $conopt = New-Object System.Management.ConnectionOptions
    switch ($computer) {
        # WMI rejects explicit credentials for a local connection, so only prompt for a remote target
        "." {break}
        "localhost" {break}
        "$env:COMPUTERNAME" {break}
        default {
            $cred = Get-Credential
            $conopt.UserName = $cred.UserName
            $conopt.SecurePassword = $cred.Password   # SecureString, never a plain-text password
        }
    }
    $conopt.EnablePrivileges = $true
    # Scope = namespace on the target machine, using the connection options above
    $scope = New-Object System.Management.ManagementScope
    $scope.Path = "\\$computer\root\cimv2"
    $scope.Options = $conopt
    # Management path = the WMI class we want, Win32_Process
    $path = New-Object System.Management.ManagementPath
    $path.ClassName = "Win32_Process"
    $proc = New-Object System.Management.ManagementClass($scope, $path, $null)
    # Create returns an object with ReturnValue (0 = success) and ProcessId
    $proc.Create($procpath)
}
The computer name and the path to the exe we want to run are given as parameters. We create a System.Management.ConnectionOptions object. If we are targeting a remote machine we add the credentials; this doesn't work for the local machine, because WMI refuses explicit credentials on a local connection. The switch is there to skip the credential prompt for the usual local names (".", "localhost" and the machine's own name). Note that the local machine's FQDN is not caught, so using it will prompt for credentials and then fail.
The scope (namespace) and management path (class) are set and then we create a new instance of the class. We can then use the Create method to create the process. Create returns an object whose ReturnValue is 0 on success and whose ProcessId is the new process on the target; anything other than 0 means the process was not started, so check it rather than assuming success. Also remember that a process created this way runs non-interactively under the supplied account, so a GUI program such as iexplore.exe starts but shows no window on the remote machine.
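The same technique, taken a step further as an added example (this is not code from the original post): the credential is passed as a parameter instead of prompting, the DCOM connection is set to encrypt traffic, Connect() is called up front so an authentication failure surfaces before the method call, and the ReturnValue of Win32_Process.Create is decoded. The function name New-RemoteProcess and its parameter names are my own choices; the return code meanings are the documented ones for Win32_Process.Create.

```powershell
function New-RemoteProcess {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory)]
        [string]$ComputerName,
        [Parameter(Mandatory)]
        [string]$CommandLine,
        [System.Management.Automation.PSCredential]$Credential
    )

    $conopt = New-Object System.Management.ConnectionOptions
    $conopt.Impersonation    = [System.Management.ImpersonationLevel]::Impersonate
    # PacketPrivacy signs and encrypts the DCOM traffic, including the command line we send
    $conopt.Authentication   = [System.Management.AuthenticationLevel]::PacketPrivacy
    $conopt.EnablePrivileges = $true

    # WMI refuses explicit credentials for a local connection, so only attach them for a remote target
    $localNames = @('.', 'localhost', $env:COMPUTERNAME)
    if ($localNames -contains $ComputerName) {
        if ($Credential) { throw "Explicit credentials cannot be used for a local WMI connection" }
    }
    elseif ($Credential) {
        $conopt.Username       = $Credential.UserName
        $conopt.SecurePassword = $Credential.Password   # stays a SecureString
    }

    # Connect now so a bad password or blocked DCOM port fails here, not inside Create
    $scope = New-Object System.Management.ManagementScope("\\$ComputerName\root\cimv2", $conopt)
    $scope.Connect()

    $path  = New-Object System.Management.ManagementPath("Win32_Process")
    $class = New-Object System.Management.ManagementClass($scope, $path, $null)

    # Call Create through the .NET InvokeMethod so we get the full out-parameter object back
    $inParams  = $class.psbase.GetMethodParameters("Create")
    $inParams["CommandLine"] = $CommandLine
    $outParams = $class.psbase.InvokeMethod("Create", $inParams, $null)

    # Documented return values for Win32_Process.Create
    $codes = @{
        0  = 'Success'
        2  = 'Access denied'
        3  = 'Insufficient privilege'
        8  = 'Unknown failure'
        9  = 'Path not found'
        21 = 'Invalid parameter'
    }
    $rc = [int]$outParams["ReturnValue"]
    if ($rc -ne 0) {
        $reason = if ($codes.ContainsKey($rc)) { $codes[$rc] } else { "Return code $rc" }
        throw "Win32_Process.Create failed on $ComputerName : $reason"
    }

    # Hand back what a caller actually needs: where it ran, who it ran as, and the PID
    [pscustomobject]@{
        ComputerName = $ComputerName
        RunAs        = if ($Credential) { $Credential.UserName } else { "$env:USERDOMAIN\$env:USERNAME" }
        CommandLine  = $CommandLine
        ProcessId    = [int]$outParams["ProcessId"]
    }
}

# Usage (the server name is a placeholder):
# $cred = Get-Credential
# New-RemoteProcess -ComputerName server01 -CommandLine 'notepad.exe' -Credential $cred
```

Calling Connect() explicitly is the main difference from the original function: with the lazy connection the first error you see is whatever Create throws, which hides whether the problem was the credentials, the firewall or the command line. Whatever you launch this way still runs in the remote machine's session 0 under the supplied account, so use it for services, scripts and command-line tools rather than anything that needs a desktop.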