psexec icacls remote computer

September 24, 2012

Set proper permissions in IIS 7.x on a remote computer

We will be using psexec icacls on the remote comptuer

Objective: Grant NT AUTHORITY\NetworkService the proper permissions for a particular website on “somecomputer” using credentials “somedomain\someuser somepassword”

The Command to Run

psexec -u somedomain\someuser -p somepassword -e \\somecomputer cmd /c (^
mkdir c:\temp1\Common ^
& icacls c:\temp1\Common /grant "NT AUTHORITY\NetworkService":^^(OI^^)^^(M^^) ^
& icacls c:\temp1\Common /grant "NT AUTHORITY\NetworkService":(CI^^)^^(M^^) ^
& icacls c:\temp1\Common /grant "NT AUTHORITY\NetworkService":^^(OI^^)^^(CI^^)^^(M^^) ^

What if we want to do this through jenkins?

On the remote computer set up c:\admin_scripts\permfix.bat file with contents

@echo off
echo Permissions Before:
icacls C:\temp1\Common | find "NETWORK SERVICE"
echo Fixing Permissions ...
icacls C:\temp1\Common /grant "NT AUTHORITY\NetworkService":(OI)(M)
icacls C:\temp1\Common /grant "NT AUTHORITY\NetworkService":(CI)(M)
icacls C:\temp1\Common /grant "NT AUTHORITY\NetworkService":(OI)(CI)(M)
echo Permissions After:
icacls C:\temp1\Common | find "NETWORK SERVICE"

On Jenkins Machine set up job like this, each command should be separate windows batch command

psexec -u somedomain/someuser -p somepw -e \\remotehost cmd /c "c:\admin_scripts\permfix.bat >>c:\console.log 2>&1" -i 1 -accepteula
net use \\remotehost\c$ /USER:somedomain/someuser somepw
type \remotehost\c$\console.log