Re: Impersonation issue with PsExec ?
From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 02/23/04
- Previous message: Roger Abell [MVP]: "Re: Problems with complex password"
- In reply to: Yuri Palagin: "Impersonation issue with PsExec ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 22 Feb 2004 23:35:20 -0500
psexec actually installs the service on the remote machine on the fly every
time you run it, you would have to have some pretty interesting permissions
set up if ANYONE can install services on any of your machines.
joe
-- http://www.joeware.net (download joeware) http://www.cafeshops.com/joewarenet (wear joeware) "Yuri Palagin" <ypal@utc.ru> wrote in message news:O2Wrhd49DHA.1268@TK2MSFTNGP12.phx.gbl... > Hi there. > > > > I want to enable some users to use PsExec utility (www.sysinternals.com) for > executing commands remotely on some servers, but the problem is, PsExec has > a key "-s" that lets "run remote process in the System account"(as the help > goes). My testing shows that using "psexec \\server -s cmd" allows any user > to get access to do just anything on servers with the Admin$ share on. OK, I > can disable the Admin$ share, but this disables using PsExec at all. I got a > hunch that it has something to do with restricting the right to impersonate, > but I've no idea where I can find it. Can anyone give me a lead? > > > > I'm not stuck with PsExec, so maybe there is another way to allow remote > command-line to only the chosen, is there? > > > > Thanks for any ideas, > > > ypal > >
- Previous message: Roger Abell [MVP]: "Re: Problems with complex password"
- In reply to: Yuri Palagin: "Impersonation issue with PsExec ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
