Re: WMF mitigation: Running regsvr32 on remote computers with PsExec - RESOLVED

While this stops the Picture and Fax Viewer from working, it does not prevent IE from displaying WMF files, which is another attack vector.

--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

"Frank B Denman" <news@xxxxxxxxxxxxxxxxxx> wrote in message news:7hjpr1174tk45gunh62onlstigft67sp5b@xxxxxxxxxx
> Maybe you won't have to struggle with this as long as I did to get it working.
>
> PsExec is a free utility downloadable from <www.sysinternals.com>.
>
> This command unregisters shimgvd.dll on a single remote computer. The /S switch
> suppresses the popup dialog:
>
> psexec \\computername -u domain\administrator regsvr32.exe /U /S shimgvw.dll
>
> And it returns the result code:
>
> regsvr32.exe exited on computername with error code 0
>
> To run this command against a whole bunch of workstations:
>
> psexec @computer_list.txt -u domain\administrator regsvr32.exe /U /S
> shimgvw.dll 2> result_codes.txt
>
> Computer_list.txt is a listing of all the remote computer on which the command
> should be run. The format is each computer name on a separate line. The result
> codes go to result_codes.txt instead of to the screen.
>
> To reregister the dll, run the same command but without the /U switch.
>
> Happy camping!
>
> Frank
>
>
> Frank Denman
> Denman Systems
> news@xxxxxxxxxxxxxxxxxx
> Please delete the "x" from my email address.
.

Relevant Pages

  • Re: Re: remothly change IP configuration with netsh
    ... the issue is that NETSH command it haves the option to ... changes are applied to the remote computer not the local ... using the set machine global Netsh command. ...
    (microsoft.public.win2000.cmdprompt.admin)
  • Re: enable/disable a NIC remotely
    ... This utility is named DEVCON. ... DevCon Command Line Utility Alternative to Device Manager ... > when you try to disable the device on the remote computer. ... -- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: ...
    (microsoft.public.win2000.general)
  • WMF mitigation: Running regsvr32 on remote computers with PsExec - RESOLVED
    ... This command unregisters shimgvd.dll on a single remote computer. ... run the same command but without the /U switch. ... Frank Denman ...
    (microsoft.public.windowsxp.security_admin)
  • RE: enable/disable a NIC remotely
    ... This utility is named DEVCON. ... DevCon Command Line Utility Alternative to Device Manager ... when you try to disable the device on the remote computer. ... This posting is provided "AS IS" with no warranties, ...
    (microsoft.public.win2000.general)
  • help backing up remote computers registry using REG.EXE...
    ... I'm new here and I'm not sure if I'm posting this in the correct spot. ... I'm trying to do this in a command prompt: ... to save a registry key from the remote computer to a file ... <filename>. ...
    (microsoft.public.win32.programmer.networks)
Quantcast