Search code examples
windowscommand-lineremote-desktoprdppsexec

Copy files from remote Windows machines with command-line, through RDP

Our team has ~80 Windows development machines, and activities of each developer are logged as text files on the local storage of those machines. To analyze the logged activities, I want to gather all log files from those machines. Additionally, the log files are updated constantly, so It is desirable to gather files with the command-line from my machine.

I’ve searched and found some solutions, but all of those are not suitable for our situation:

  • We cannot use PsExec, because tcp/135 and tcp/445 are both closed (countermeasure for WannaCry).
  • Administrative share is disabled.
  • telnet service is not up and is banned by security reasons.
  • WinRM is disabled on those machines by default.
  • It is difficult to install new software like OpenSSH on those machines (because of the rule of this project)
  • RDP is the only way to connect those machines. (I have an account on all machines)

How can I copy files from remote Windows machines with command-line through RDP? Or, at least, is there any way to execute a command on remote Windows machines with command-line through RDP?

Solution

  • I think you can do this, though it is very hacky :)

    For a basic setup, which just copies files once, what you would need to do is

    1. Run a script in the remote session when it logs in. I can think of three ways to do this:
      • Use the "Alternate Shell" RDP file property. This runs a specified program in place of explorer.exe on login; you can use it to run "cmd.exe /c [your script]" for instance.
      • If that doesn't work (e.g. the remote machine doesn't respect it), you might be able to use a scheduled task that runs the script on login, but perhaps only for a specified user, or maybe the script could check the WinStation type to make sure this is actually an RDP connection before doing anything.
      • It's also possible to do this by connecting in RemoteApp mode and using the script as your "application", but that only works for Server and Enterprise editions of Windows.
    2. Enable either drive redirection or clipboard redirection on the RDP connection, to give you a way to get data out.
      • Drive redirection is much simpler to script; you just have the remote script copy files to e.g. "\\tsclient\C\logs".
      • Clipboard redirection is theoretically possible - you have the remote script copy, then a local script paste - but would probably be a pain to get working in practice. I'm only mentioning it in case drive redirection isn't available for some reason.
    3. You would probably want to script to then log the session off afterward.

    You could then launch that from command-line by running "mstsc.exe [your RDP file]". The RDP files could be programmatically generated if needed (given you're working with 80 machines).

    If you want a persistent connection you can execute commands over, that's more complicated, but still technically possible. Two ways I can think of:

    1. Use the previous method to run a program on logon, but this time create a custom application that receives commands using a transport that isn't blocked and executes them in the session. I've done this with WCF over HTTP, for instance; it's not secure, of course.
    2. Develop and install a service on the remote machine that opens an RDP virtual channel, and a corresponding RDP client plugin that communicates with it. You can then do whatever you want across the connection. While this solution would be the most likely to work, it's also the most heavyweight and time-consuming to implement so it's probably a last resort.