Re: Impersonation issue with PsExec ?

From: Drew Cooper [MSFT] (dcoop_at_online.microsoft.com)
Date: 02/20/04


Date: Fri, 20 Feb 2004 12:40:53 -0800

If you're running the latest version of psexec, you might want to contact
Mark at SysInternals - if any user can connect it sounds like a security
bug. Psexecsvc is probably already running as local system (it does on my
machine). It uses the user name and password (plaintext - another security
problem) parameters to impersonate a different user.

Some options for remote execution of a batch file:
- WMI
- Task Scheduler service

Even better than just a cmdline:
- Remote Desktop/Terminal Services

We might have a kerberized telnet client available now. I know there were
folks working on one.

-- 
Drew Cooper [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
"Yuri Palagin" <ypal@utc.ru> wrote in message
news:O2Wrhd49DHA.1268@TK2MSFTNGP12.phx.gbl...
> Hi there.
>
> I want to enable some users to use PsExec utility (www.sysinternals.com) for
> executing commands remotely on some servers, but the problem is, PsExec has
> a key "-s" that lets "run remote process in the System account" (as the help
> goes). My testing shows that using "psexec \\server -s cmd" allows any user
> to get access to do just anything on servers with the Admin$ share on. OK, I
> can disable the Admin$ share, but this disables using PsExec at all. I got a
> hunch that it has something to do with restricting the right to impersonate,
> but I've no idea where I can find it. Can anyone give me a lead?
>
> I'm not stuck with PsExec, so maybe there is another way to allow remote
> command-line to only the chosen, is there?
>
> Thanks for any ideas,
>
> ypal

