Open-AudIT
https://www.open-audit.org/phpBB3/

Using of PSExec
https://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=4348
Page 1 of 1

Author:  meronbar [ Fri Feb 18, 2011 5:51 pm ]
Post subject:  Using of PSExec

Mark, you should be careful with launching audits over psexec (and i suppose in scheduler too)
This processes run in differ environment, for example - there is no HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DISPLAY branch on registry.

Author:  jpa [ Sat Feb 19, 2011 4:21 am ]
Post subject:  Re: Using of PSExec

Is this true? My testing below shows info for the Display. Against WinXP and Win7. Maybe I'm missing something.

[code]psexec \\remote_computer -u Administrator reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DISPLAY

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DISPLAY

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DISPLAY\Default_Monitor

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DISPLAY\DEL3005

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DISPLAY\DEL3008

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DISPLAY\DEL4023

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DISPLAY\DEL510F

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DISPLAY\IN-KCH-8XX-CHIPSETS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DISPLAY\IN-SB-8XX-PLATFORMS
reg exited on gmiit1 with error code 0.[/code]

I would think the password issues with psexec would be something more worthy of worry.

Author:  meronbar [ Mon Feb 21, 2011 5:54 pm ]
Post subject:  Re: Using of PSExec

Upps. It is not about psexec, it is about virtual PC (VMWare).

But your note about password hot too. I usually prefer not to use -u -p switches at all (in this case current account credentials used) or use -s switch instead. Bots this methods require admin rights to run, but this can be pass more secure, by scheduler credentials for example.

Page 1 of 1 All times are UTC + 10 hours
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/