Open-AudIT https://www.open-audit.org/phpBB3/ |
|
Using of PSExec https://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=4348 |
Page 1 of 1 |
Author: | meronbar [ Fri Feb 18, 2011 5:51 pm ] |
Post subject: | Using of PSExec |
Mark, you should be careful with launching audits over psexec (and i suppose in scheduler too) This processes run in differ environment, for example - there is no HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DISPLAY branch on registry. |
Author: | jpa [ Sat Feb 19, 2011 4:21 am ] |
Post subject: | Re: Using of PSExec |
Is this true? My testing below shows info for the Display. Against WinXP and Win7. Maybe I'm missing something. [code]psexec \\remote_computer -u Administrator reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DISPLAY ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DISPLAY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DISPLAY\Default_Monitor HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DISPLAY\DEL3005 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DISPLAY\DEL3008 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DISPLAY\DEL4023 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DISPLAY\DEL510F HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DISPLAY\IN-KCH-8XX-CHIPSETS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DISPLAY\IN-SB-8XX-PLATFORMS reg exited on gmiit1 with error code 0.[/code] I would think the password issues with psexec would be something more worthy of worry. |
Author: | meronbar [ Mon Feb 21, 2011 5:54 pm ] |
Post subject: | Re: Using of PSExec |
Upps. It is not about psexec, it is about virtual PC (VMWare). But your note about password hot too. I usually prefer not to use -u -p switches at all (in this case current account credentials used) or use -s switch instead. Bots this methods require admin rights to run, but this can be pass more secure, by scheduler credentials for example. |
Page 1 of 1 | All times are UTC + 10 hours |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |