Re: Impersonation issue with PsExec ?

From: Drew Cooper [MSFT] (dcoop_at_online.microsoft.com)
Date: 02/20/04

    Date: Fri, 20 Feb 2004 12:40:53 -0800
    
    

    If you're running the latest version of psexec, you might want to contact
    Mark at SysInternals - if any user can connect it sounds like a security
    bug. Psexecsvc is probably already running as local system (it does on my
    machine). It uses the user name and password (plaintext - another security
    problem) parameters to impersonate a different user.

    Some options for remote execution of a batch file:
    - WMI
    - Task Scheduler service

    Even better than just a cmdline:
    - Remote Desktop/Terminal Services

    We might have a kerberized telnet client available now. I know there were
    folks working on one.

    -- 
    Drew Cooper [MSFT]
    This posting is provided "AS IS" with no warranties, and confers no rights.
    "Yuri Palagin" <ypal@utc.ru> wrote in message
    news:O2Wrhd49DHA.1268@TK2MSFTNGP12.phx.gbl...
    > Hi there.
    >
    > I want to enable some users to use PsExec utility (www.sysinternals.com) for
    > executing commands remotely on some servers, but the problem is, PsExec has
    > a key "-s" that lets "run remote process in the System account" (as the help
    > goes). My testing shows that using "psexec \\server -s cmd" allows any user
    > to get access to do just anything on servers with the Admin$ share on. OK, I
    > can disable the Admin$ share, but this disables using PsExec at all. I got a
    > hunch that it has something to do with restricting the right to impersonate,
    > but I've no idea where I can find it. Can anyone give me a lead?
    >
    > I'm not stuck with PsExec, so maybe there is another way to allow remote
    > command-line to only the chosen, is there?
    >
    > Thanks for any ideas,
    >
    > ypal
    
