Impersonation issue with PsExec ?
From: Yuri Palagin (ypal_at_utc.ru)
Date: 02/20/04
- Next message: David Cross [MS]: "Re: Smart Card Deployment documentation ?"
- Previous message: Somchai U.: "disallow seeing non-relavant subdirectoies"
- Next in thread: Drew Cooper [MSFT]: "Re: Impersonation issue with PsExec ?"
- Reply: Drew Cooper [MSFT]: "Re: Impersonation issue with PsExec ?"
- Reply: Joe Richards [MVP]: "Re: Impersonation issue with PsExec ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 20 Feb 2004 11:58:49 +0400
Hi there.
I want to enable some users to use PsExec utility (www.sysinternals.com) for
executing commands remotely on some servers, but the problem is, PsExec has
a key "-s" that lets "run remote process in the System account"(as the help
goes). My testing shows that using "psexec \\server -s cmd" allows any user
to get access to do just anything on servers with the Admin$ share on. OK, I
can disable the Admin$ share, but this disables using PsExec at all. I got a
hunch that it has something to do with restricting the right to impersonate,
but I've no idea where I can find it. Can anyone give me a lead?
I'm not stuck with PsExec, so maybe there is another way to allow remote
command-line to only the chosen, is there?
Thanks for any ideas,
ypal
- Next message: David Cross [MS]: "Re: Smart Card Deployment documentation ?"
- Previous message: Somchai U.: "disallow seeing non-relavant subdirectoies"
- Next in thread: Drew Cooper [MSFT]: "Re: Impersonation issue with PsExec ?"
- Reply: Drew Cooper [MSFT]: "Re: Impersonation issue with PsExec ?"
- Reply: Joe Richards [MVP]: "Re: Impersonation issue with PsExec ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
