Re: Windows Remote Log in

Discussion in 'Python' started by Jesse, Aug 28, 2003.

  1. Jesse

    Jesse Guest

    Thanks I'll check this out and also try to further clarify myself.


    This is a mixture of NT 4 and Win2K Servers. WMI may not be installed
    on all the remote systems.


    We have quite a few NT domains that our servers are spread out over and
    sometimes the machine I would execute the script from would not be in
    the same Domain and need different Logon Credentials to access the
    remote machine. We don't have control over this our primary
    responsibility is for the applications that reside on these servers. We
    have Administrator Access to the servers but not complete control on how
    they are setup. Ahhh the wonderful Politics of Big Business.

    Often certian services for the applications we maintain will need to be
    restarted on these remote machines. I've found a way to this this with
    a Python Module called WService. In the App I'm making that will reside
    on the clients machine they will enter a server name or ip address and
    click a button that will restart the req'd service. As long as we are
    in the same NT Domain no big deal, but not all servers are in the same
    domain and we use different accounts to access them.

    What I need is some way for user to enter the proper credentials so
    Python could restart the service on the remote machine.

    If this isn't making sense please disregard and I'll move on to
    something a bit easier.


    Tim Golden wrote:

    > From: Jesse [mailto:]
    >
    >
    >>I guess it is how can I have a user enter their NT Domain Authentication
    >>and the script use it to log into NT Domains the computer it is running
    >>on it not a member of.

    >
    >
    > I have the impression that you're not 100% clear on how you might be
    > doing these remote operations. Do you envisage remotely "typing in"
    > usernames and passwords, and then remotely "opening up dialogs and
    > pressing buttons"? If so, you're a bit off beam (and a not atypical
    > NT Administrator). If not, then I apologise. (Actually, I apologise
    > anyway; it was a bit rude).
    >
    > I suggest you have a look at WMI.
    >
    > Pick up the module from:
    >
    > http://tgolden.sc.sabren.com/python/wmi.html
    >
    > and have a look at some of the examples in:
    >
    > http://tgolden.sc.sabren.com/python/wmi_cookbook.html
    >
    > Try using it without any particular security qualifiers
    > first; if you really need an explicit log on (you probably
    > won't if you're a Domain Admin and using your own or a
    > trusted domain) then you can specify an explicit wmi
    > moniker in the constructor.
    >
    > TJG
    >
    > ________________________________________________________________________
    > This e-mail has been scanned for all viruses by Star Internet. The
    > service is powered by MessageLabs. For more information on a proactive
    > anti-virus service working around the clock, around the globe, visit:
    > http://www.star.net.uk
    > ________________________________________________________________________
    >
    Jesse, Aug 28, 2003
    #1
    1. Advertising

  2. According to Jesse <>:
    > What I need is some way for user to enter the proper credentials so
    > Python could restart the service on the remote machine.


    If you are able to install one or more Python programs on the servers then
    you can get your client Python program to talk a private protocol to your
    server Python program to DTRT.

    No need to mess around with Windows APIs.


    --
    Ng Pheng Siong <>

    http://firewall.rulemaker.net -+- Manage Your Firewall Rulebase Changes
    http://www.post1.com/home/ngps -+- Open Source Python Crypto & SSL
    Ng Pheng Siong, Aug 28, 2003
    #2
    1. Advertising

  3. Jesse <> wrote in message news:<hHo3b.29530$>...
    > Thanks I'll check this out and also try to further clarify myself.
    >
    >
    > This is a mixture of NT 4 and Win2K Servers. WMI may not be installed
    > on all the remote systems.
    >
    >
    > We have quite a few NT domains that our servers are spread out over and
    > sometimes the machine I would execute the script from would not be in
    > the same Domain and need different Logon Credentials to access the
    > remote machine. We don't have control over this our primary
    > responsibility is for the applications that reside on these servers. We
    > have Administrator Access to the servers but not complete control on how
    > they are setup. Ahhh the wonderful Politics of Big Business.
    >
    > Often certian services for the applications we maintain will need to be
    > restarted on these remote machines. I've found a way to this this with
    > a Python Module called WService. In the App I'm making that will reside
    > on the clients machine they will enter a server name or ip address and
    > click a button that will restart the req'd service. As long as we are
    > in the same NT Domain no big deal, but not all servers are in the same
    > domain and we use different accounts to access them.
    >
    > What I need is some way for user to enter the proper credentials so
    > Python could restart the service on the remote machine.
    >
    > If this isn't making sense please disregard and I'll move on to
    > something a bit easier.
    >


    You probably need to logon to the IPC Share to get proper
    authentication. From the commandline it's "net use \\servername\ipc$
    password /USER:domain\username". You could also probably use
    win32net.netUseAdd() to do this natively in Python, but I've never
    tried this.
    logistix at cathoderaymission.net, Aug 28, 2003
    #3
  4. Jesse

    David Bolen Guest

    Jesse <> writes:

    > What I need is some way for user to enter the proper credentials so
    > Python could restart the service on the remote machine.
    >
    > If this isn't making sense please disregard and I'll move on to
    > something a bit easier.


    When I first started doing a lot of management scripts for Windows it
    seemed strange to me that so many Win32 API calls would accept a
    remote machine name, but no optional credentials. As it turns out,
    Windows shares a single set of credentials per remote machine among
    any operations being performed to that remote machine. If there are
    no established credentials due to a prior operation or access that is
    still in place, then your default credentials (those currently
    established by your login) are used. And in fact if you try an
    operation that does accept credentials, and they are different from
    the established credentials the operation will fail (which can be
    infuriating at times :)).

    So it's a clumsy mechanism in many ways, but convenient in others
    (since any operation the system performs, even with utilities that
    don't provide a way to enter credentials) will inherit the established
    credentials.

    The trick is to get the proper set of credentials in place in a
    persistent manner prior to performing whatever operation you want to
    do. One of the simplest persistent mechanisms is by accessing a
    remote share. And since all systems supporting Windows networking
    operations always have an IPC$ share (used for basic connection
    establishment), you can just "use" that share - as I believe another
    responder pointed out recently. You don't need to map it to a drive or
    anything, just use the share, and if you want, drop it when you are done.

    Once you have this, then I'd just go for straight Win32 network calls
    to manipulate the remote machine. This has the advantage of being
    more assured of working on your NT machines, since in most cases they
    won't have some of the newer stuff like WMI installed, although you
    could add that on.

    Mark Hammond's win32all package wraps all of the appropriate functions
    that you'll need (both to manipulate the remote access via the shares,
    as well as perform remote operations such as calls to the service
    manager). You can generally start by using MSDN to examine how you
    would perform the task with Win32 calls and then just find the right
    wrapper in the win32all package. In the

    For example, here's a snippet of code (using the win32net module) from
    one of our scripts that is triggered when a remote machine for some
    reason loses its D$ share (the administrative share to drive D:). If
    necessary we use the IPC$ share to gain the proper remote credentials,
    and then create the remote share.

    The NetUseAdd call is effectively the replacement for a command line
    "net use" operation without a drive assignment, and the NetUseDel call
    mimics the "net use /delete" operation.

    Coming into this code:
    use_servers = optional list of machines we already have access to
    machine = machine we are manipulating
    wic6user = administrative user on remote machine
    wic6pwd = administrative password on remote machine

    - - - - - - - - - - - - - - - - - - - - - - - - -

    print "(Creating temporary share)"

    if use_servers and machine not in use_servers:
    print "(Creating temporary use)"
    use_info = {'remote':r'\\'+machine+r'\IPC$',
    'asg_type':-1,
    'username':wic6user,
    'password':wic6pwd}
    try:
    win32net.NetUseAdd(None,2,use_info)
    have_use = 1
    except pywintypes.error, value:
    print "Couldn't create temporary use:", value

    # Create the remote share

    shareinfo = {'netname':'D$','path':'D:\\','max_uses':-1}
    try:
    win32net.NetShareAdd(machine,2,shareinfo)
    have_share = 1
    except pywintypes.error, value:
    print "Couldn't create share:", value

    # ... perform any other operations on remote machine ...

    if have_share:
    try:
    win32net.NetShareDel(machine,'D$')
    except pywintypes.error, value:
    print "Couldn't remove temporary D$ share:", value

    if have_use:
    try:
    win32net.NetUseDel(None,r'\\'+machine+r'\IPC$')
    except pywintypes.error, value:
    print "Couldn't remove temporary use:", value

    - - - - - - - - - - - - - - - - - - - - - - - - -

    In the case of managing services, the win32service module wraps most
    everything you would need. You can start a service with StartService,
    stop it with ControlService with the SERVICE_CONTROL_STOP code, check
    status with QueryServiceStatus and so on. Or, if the existing
    WService module you've been using works fine, you should just be able
    to use it unchanged once you have locked in the proper remote
    credentials via the IPC$ share.

    Another quick 'n dirty approach we've also used is just to use
    os.system, or more typically (so you can log the output) one of the
    os.popen# calls, to farm the service operation out to a utility like
    "sc" from the resource kit or psservice from sysinternals
    (www.sysinternals.com). You still need the IPC$ share in place for
    credentials to remote domain machines, but like any other system call,
    Windows will simply apply the established credentials to any
    operations that those utilities perform.

    -- David
    David Bolen, Sep 1, 2003
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Henrik_the_boss
    Replies:
    0
    Views:
    2,647
    Henrik_the_boss
    Nov 5, 2003
  2. Amratash
    Replies:
    0
    Views:
    520
    Amratash
    Apr 13, 2004
  3. =?Utf-8?B?VG9tIFdpbmdlcnQ=?=

    My.Log.Writeexception not writing to Application Event Log.

    =?Utf-8?B?VG9tIFdpbmdlcnQ=?=, Jan 20, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    2,372
    =?Utf-8?B?VG9tIFdpbmdlcnQ=?=
    Jan 20, 2006
  4. Jesse

    Windows Remote Log in

    Jesse, Aug 28, 2003, in forum: Python
    Replies:
    3
    Views:
    297
    Peter Hansen
    Aug 28, 2003
  5. Tim Golden

    RE: Windows Remote Log in

    Tim Golden, Aug 28, 2003, in forum: Python
    Replies:
    1
    Views:
    368
    Jesse
    Aug 28, 2003
Loading...

Share This Page