Customer is able to use the STRPCO command from an AS400 session, but if they try to do the same from a 2E Web option session, it does not work. Other commands work fine. 

Alternative methods have been attempted, such as using PC commands in the session, but these require STRPCO.

CA 2E 8.7.x

Web Option

SSH + PsExec - combining the SSH transport layer with Microsoft’s PsExec utility can provide a secure and viable environment to invoke Windows applications from IBMi Web Option browser sessions.

PsExec is a command-line tool that allows users to run programs on remote systems. It can be used to execute remote commands, scripts and applications on remote systems, as well as to launch GUI-based applications on remote systems.

Unlike PowerShell Remoting, PsExec allows to programmatically target the specific, active Windows session where the user is currently logged in. This ideally guarantees that when a command is fired from the IBMi system, the desktop application should pop up on the user's screen.

As a summary, the solution to overcome the security challenges includes the following:

• Open a couple of ports and unblock a service, to enable PsExec to be executed
  • The details of the ports to be opened and the service to be unblocked are:
    • Port TCP/445
    • Port UDP/137
    • Remote Service Management (RPC) Open – PsExec runs extremely slow if the firewall is enabled and this service is blocked
    • Add Windows machine IP address as an Allowed Remote IP Address, for the 445 port and the 137 ports

During our research, we could notice that there are some security concerns around PsExec.  PsExec is also occasionally flagged by aggressive Endpoint Detection Response/Antivirus tools. Please refer to this link for further details.