Open-AudIT

All times are UTC + 10 hours
 Post subject: Using of PSExec
Posted: Fri Feb 18, 2011 5:51 pm
Helper
Mark, you should be careful with launching audits over psexec (and I suppose in the scheduler too).
These processes run in a different environment; for example, there is no HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DISPLAY branch in the registry.

 Post subject: Re: Using of PSExec
Posted: Sat Feb 19, 2011 4:21 am
Moderator
Is this true? My testing below shows info for the Display. Against WinXP and Win7. Maybe I'm missing something.

Code:
psexec \\remote_computer -u Administrator reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DISPLAY

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DISPLAY

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DISPLAY\Default_Monitor

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DISPLAY\DEL3005

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DISPLAY\DEL3008

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DISPLAY\DEL4023

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DISPLAY\DEL510F

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DISPLAY\IN-KCH-8XX-CHIPSETS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DISPLAY\IN-SB-8XX-PLATFORMS
reg exited on gmiit1 with error code 0.


I would think the password issues with psexec would be something more worthy of worry.

 Post subject: Re: Using of PSExec
Posted: Mon Feb 21, 2011 5:54 pm
Helper
Oops. It is not about psexec, it is about a virtual PC (VMware).

But your note about the password is hot too. I usually prefer not to use the -u -p switches at all (in this case the current account credentials are used) or to use the -s switch instead. Both of these methods require admin rights to run, but this can be passed more securely, by scheduler credentials for example.


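A static check for the credential handling discussed in the last two posts, as an added example that is not part of the original thread: it classifies each PsExec invocation in a script by how it authenticates, so lines that embed a password with -p can be found and reworked. The sample lines, the placeholder password and the function names are constructed for illustration.

```python
import re
import shlex

# Constructed sample lines (hypothetical audit batch file); the password is a placeholder.
SAMPLE_SCRIPT = r"""
psexec \\remote_computer -u Administrator -p ExamplePassw0rd reg query HKLM\SYSTEM
psexec \\remote_computer -u Administrator reg query HKLM\SYSTEM
psexec \\remote_computer -s cscript audit.vbs
psexec \\remote_computer cmd /c echo -p is only an argument here
""".strip().splitlines()

PSEXEC = re.compile(r"(^|[\\/])psexec(64)?(\.exe)?$", re.I)
TAKES_VALUE = {"-u", "-p", "-n", "-r", "-w", "-a"}  # PsExec switches followed by a value


def psexec_switches(line):
    """Return the set of PsExec's own switches, or None if the line is not a PsExec call.
    Parsing stops at the remote command, so its arguments are never read as switches."""
    try:
        tokens = shlex.split(line, posix=False)  # non-POSIX mode keeps Windows backslashes
    except ValueError:                           # unbalanced quote: fall back to whitespace
        tokens = line.split()
    start = next((i for i, t in enumerate(tokens) if PSEXEC.search(t.strip('"'))), None)
    if start is None:
        return None
    found, i = set(), start + 1
    while i < len(tokens):
        tok = tokens[i].lower()
        if tok.startswith("\\\\") or tok.startswith("@"):  # target computer(s) or @file
            i += 1
        elif tok.startswith("-"):
            found.add(tok)
            nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
            i += 2 if tok in TAKES_VALUE or (tok == "-i" and nxt.isdigit()) else 1
        else:
            break  # first token of the remote command
    return found


def credential_mode(line):
    """Classify how a PsExec call authenticates, without ever returning the password."""
    switches = psexec_switches(line)
    if switches is None:
        return "not-psexec"
    if "-p" in switches:
        return "inline-password"   # secret sits in the script and on the command line
    if "-u" in switches:
        return "password-prompt"   # PsExec asks for the password interactively
    return "local-system" if "-s" in switches else "current-account"


if __name__ == "__main__":
    for number, line in enumerate(SAMPLE_SCRIPT, 1):
        print(number, credential_mode(line))
```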