Re: Running commands on workstations from domain controller





Thor (Hammer of God) wrote:
PSExec allows you to remotely execute code.

http://www.microsoft.com/technet/sysinternals/utilities/psexec.mspx


As Thor suggests, I'd recommend using psexec.

Using a tool like dsquery, with a couple of lines of script you could quite happily run a script on all the machines in a particular OU, and generate a list of the machine accounts the command didn't work on.

See http://blog.sapien.com/current/2006/11/28/command-line-one-liners.html for some hints on how to query for machines by OU and OS.. See http://tinyurl.com/2hp43y (windowsitpro.com) for an example of the same task carried out using 'net view' instead of dsquery.

Using a login script would work, but you have less control over it, it's harder to audit, it's slower, and it may require giving your users too many privileges. Which you choose largely depends upon what sort of 'command' this is and what context it needs to be executed under..

- James.

--
James (njan) Eaton-Lee | UIN: 10807960 | http://www.jeremiad.org

"All at sea again / And now my hurricanes
Have brought down this ocean rain / To bathe me again"

https://www.bsrf.org.uk | ca: https://www.cacert.org/index.php?id=3
--

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature



Relevant Pages

  • CDO message with attachment problems
    ... It works fine on other machines on this network as well as other machines on ... Script to Email attachment hangs on the AddAttachment statement ... Script to Email attachment hangs on the AddAttachment statement ...
    (microsoft.public.scripting.vbscript)
  • Re: Automating password change
    ... All the machines are set up differently from each other ... > use telnet, others I can rlogin or remsh, and still others I can ssh. ... it would not be practical to try to write a complex script ... > to write a simple script to wrap around passwd that would run on each ...
    (comp.unix.solaris)
  • Re: Automating password change
    ... All the machines are set up differently from each other ... > use telnet, others I can rlogin or remsh, and still others I can ssh. ... it would not be practical to try to write a complex script ... > to write a simple script to wrap around passwd that would run on each ...
    (comp.unix.shell)
  • RE: Another overflow exploit for Apache? *RESOLVED*
    ... You must be reviewing already backdoored script. ... > On ALL the machines with the Ddos behavior we found, ... > Ddos binaries, then executing them.. ... > This script is most likely used by CCBILL techs as part of their default ...
    (Incidents)
  • Re: Win2000 Pro will not process logon script
    ... newer machines run the script and some of the older ones do not. ... I am not familar with the "slow link" policy. ...
    (microsoft.public.windows.server.active_directory)