Community FAQ
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
CyberSmith1979
Engaged Sweeper

Hi Experts,

Using the Lansweeper deployment feature, I try to execute the PowerShell command "Invoke-WebRequest" on a target computer to download a small installer file (size is about 10MB) from a specified URL to that computer, which in my case takes few seconds to finish when directly tested on the target computer.

However, when I try to deploy the script (with a domain admin account!) using Lansweeper, the deployment always hangs, regardless of how much I increase the timeout limit, and the file doesn't download to the target computer. It always passed the preliminary checking while stuck at the “Initializing” step.

Here is the script I used: 

Invoke-WebRequest "http://dl.google.com/chrome/install/latest/chrome_installer.exe" -OutFile C:\Temp\chrome_installer.exe;

Note that I have tried to deploy other simple PS scripts using Lansweeper and it works. For example: 

"Test" | Out-File "C:\Temp\log.txt"

Moreover, I am using the “Command” action, and the command I use is: 

powershell.exe -executionpolicy bypass -file "{PackageShare}\xxx.ps1"

Did I do anything obviously wrong? Did anyone try to achieve similar things and was able to get it to work?Thanks!

2 REPLIES 2
ErikT
Lansweeper Tech Support
Lansweeper Tech Support

@CyberSmith1979 ,

 

 

  • Place this script in the Lansweeper package share 
    C:\Program Files (x86)\Lansweeper\PackageShare\Scripts
     
  • Create a deployment package :
    • Use the command action 
    • Name your step
    • enter this as command: 
      powershell.exe -command (Invoke-Command -ScriptBlock {"{PackageShare}\Scripts\download_chrome.ps1"})
    • action on success: Stop (Success)
    • action on failure: Stop (failure)

 

I tested this while running with the system account 

 

 

Hi Erik,

Thank you for the response, I found that it is because we did not enable the “Allow inbound remote administration exception” group policy.

 

A little background: to minimize the cybersecurity risks, we asked you if there is any workaround to reduce the access we open up to the inbound traffic, and your support team showed us the KB https://community.lansweeper.com/t5/requirements/ports-scanned-or-used-by-lansweeper/ta-p/64273 which has the instructions to only open certain fixed ports and configure the WMI to standalone mode in order to make the agentless scan to work without enabling the group policy. We follow the instructions and the agentless scan works, however, it appears that the deployment is still not fully functional. 

So, is there a way to allow the remote deployment without enabling the “Allow inbound remote administration exception” group policy, like only enable a few more fixed ports?

Thanks!

Deployment Packages

Share topics/ issues related to deployment packages. Please use/rely on content with caution as it is publicly generated.

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now