I am using TFS to kick off PSExec to run an InstallShield process that creates installers. Our TFS build agent runs under the NETWORK SERVICE account.
I run PSExec using the -u -p options, and I am able to run the command and successfully build the installers from a command prompt against the remote machine.
However in TFS, I always get a 2250 error code and the installers don't build.
To isolate the problem, I changed the psexec command to the following...
PsExec.exe -accepteula \\<machine> -u <username> -p <password> xcopy /y c:\temp\testing.bat c:\temp\1.bat
If I run the above from the command line it copies the file. If I run the above from TFS (calling out to the above in a batch file), it fails with 2250.
So to simulate what TFS is doing I...
psexec -i -u "nt authority\network service" cmd.exe
So step 2 starts a command prompt using the NETWORK SERVICE account. When I run step 3 from this command prompt, I received the same 2250 error. So this is good b/c now TFS is out of the picture, and I am closer to the real issue.
Just for grins I added NETWORK SERVICE to the remote box's Administrators group. That did not solve the issue.
So here is where I am at...
So in my mind the issue is clearly related to the NETWORK SERVICE account. Question is how can I get psexec to run with this account?
UPDATE
Here are the dialogs that show the NETWORK_SERVICE account in the Administrators group for and that it has full access to the path (c:\temp).
Let's say your two machines are called TFSSERVER and TARGETMACHINE.
The NetworkService on the TFS Server would be seen as the machine account, i.e. DOMAIN\TFSSERVER$
, on the TARGETMACHINE. Any accounts in the NT AUTHORITY group are local accounts so it looks like you've just added TARGETMACHINE's network service as an admin, not the TFS machine's network service.
Try adding the TFS machine account to your permissions list and see if it works.
If that doesn't, look at this related question and see if anything there helps you at all: PSEXEC, access denied errors