sleeman
(Fresh Scripter)
2003-11-11 04:10 PM
RPC Patch from Microsoft

Has anyone heard of a Microsoft KB patch designed to restrict .exe's being run on remote PCs via the Kix login script?

Sealeopard
(KiX Master)
2003-11-11 04:11 PM
Re: RPC Patch from Microsoft

[Confused] Would you mind elaborating on this?

sleeman
(Fresh Scripter)
2003-11-11 04:22 PM
Re: RPC Patch from Microsoft

I know it sounds strange.

I support an executable designed to scan system hardware and software information.

A customer I have executes this executable with a KIX login script. When it is in place, a user is not able to log in. When it is REM'd out, the user is able to log in. He tells me that when the KB is installed the users cannot log in; when it is not installed, his users can log in and run the executable.

Apparently the KB article is designed to restrict EXEs from running on a remote PC.

Here is the login script:
; Kix32 NT Inventory collection logon script for Peregrine IDD scanner
; Jon Dunford
; 31/08/01

;Revisions:
;(author) Jon Dunford
;(date) 10/4/01
;(changes) Full Path for commands for machines which have errors in path statement (c:\winnt\system32)
;(author) Jon Dunford
;(date) 13/7/01
;(changes) Include NT Servers
;(author) Jon Dunford
;(date) 31/8/01
;(changes) Removed -10 switch for servers
;(date) 24/04/02
;(changes) Defined copycmd variable for Windows 2000 machines

$SCANNER="scanw32.exe"
$AMSERVER="\\IRA80130"
$SRCDIR="$AMSERVER\scanner$"
$SRC="$SRCDIR\$SCANNER"
$DESTDIR="C:\InfrTool\DeskDisc"
$DEST="$DESTDIR\$SCANNER"
$FSF="$AMSERVER\fsf$"
$PTH="C:\WINNT\SYSTEM32"

$os=""
$os_dos=@dos
$os_product=ReadValue("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions","ProductType")
$os_service_pack=""
$os_subversion=ReadValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion","SubVersionNumber")

IF (@inwin = 1)
  $NT_mode="yes"
ELSE
  $NT_mode="no"
ENDIF

; Determine Operating System type
IF ($NT_mode = "yes") AND ($os_product <> "WinNT") AND ($os_dos = "5.0") ; - Windows 2000 -
  $os="W2k_Server"
ELSE IF ($NT_mode = "yes") AND ($os_product = "WinNT") AND ($os_dos = "5.0")
  $os="W2k_Professional"
ELSE IF ($NT_mode = "yes") AND ($os_product = "LANMANNT") ; - Windows NT -
  $os="NT4_Domain_Controller"
ELSE IF ($NT_mode = "yes") AND ($os_product = "ServerNT")
  $os="NT4_Member_Server"
ELSE IF ($NT_mode = "yes") AND ($os_product = "WinNT")
  $os="NT4"
ELSE
  $os="???" ; - undetermined -
ENDIF ENDIF ENDIF ENDIF ENDIF

SET "Audit=0"
SET "copycmd=/y"
SET "USERFULLNAME=@FULLNAME"
SHELL "$PTH\CMD /C $PTH\PING 151.1.79.69 -n 1 -w 1500 > c:\temp\ping.txt"
SHELL '$PTH\FIND "Reply" c:\temp\ping.txt'
IF @ERROR = 0
  IF ($os = "NT4") OR ($os = "W2k_Professional")
    ; Perform Audit

    IF INGROUP("AuditExclude") > 0
      SET "Audit=12" ; In AuditExclude Group
    ELSE
      SET "Audit=1" ; Performing Audit
      IF EXIST ("$FSF\%COMPUTERNAME%.LOG") = 0
        ; Log does not exist
        SHELL "$PTH\CMD /C ECHO FirstAudit %COMPUTERNAME% @USERID @FULLNAME > $FSF\%COMPUTERNAME%.LOG"
        SHELL "$PTH\CMD /C ECHO PATH = %PATH% Logonserver = @LSERVER >> $FSF\%COMPUTERNAME%.LOG"
      ENDIF
      IF EXIST ("$DESTDIR") = 0
        ; If destination dir does not exist then create
        SHELL "$PTH\CMD /C MD $DESTDIR"
      ENDIF

      ; Copy scanner if newer to local machine
      SHELL "$PTH\CMD /C C: && CD $DESTDIR && $PTH\XCOPY $SRC /D /Q"

      IF EXIST ("$SRCDIR\@USERID") = 1
        SET "Audit=2" ; Performing Audit
        SHELL "$PTH\CMD /C START $SRCDIR\scanw32f.exe"
      ELSE
        ; Run the scanner if required
        SHELL "$PTH\CMD /C START $DEST -scandays15"
      ENDIF
    ENDIF
  ELSE
    SET "Audit=14" ; Flag Server

    IF EXIST ("$FSF\%COMPUTERNAME%.LOG") = 0
      ; Log does not exist
      SHELL "$PTH\CMD /C ECHO FirstAudit NT Server %COMPUTERNAME% @USERID @FULLNAME > $FSF\%COMPUTERNAME%.LOG"
      SHELL "$PTH\CMD /C ECHO PATH = %PATH% Logonserver = @LSERVER >> $FSF\%COMPUTERNAME%.LOG"
    ENDIF
    IF EXIST ("$SRCDIR\@USERID") = 1
      SET "Audit=15" ; Performing Audit
      SHELL "$PTH\CMD /C START $SRCDIR\scanw32sf.exe"
    ELSE
      ; Run the scanner if required
      SHELL "$PTH\CMD /C START $SRCDIR\scanw32s.exe -scandays15"
    ENDIF
  ENDIF
ELSE
  ; Server Offline
  SET "Audit=13"
ENDIF

Here is the KB article:
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-039.asp


Wizard
(Hey THIS is FUN)
2003-11-11 04:26 PM
Re: RPC Patch from Microsoft

Hello there,

I haven't read your script yet, but that patch should not affect KiX in any way.

Whereabouts in the script does it fall over?

I have it running on my Windows NT and 2000 boxes with no problems.

Also, I would very strongly recommend that you install that patch.

Wiz

[ 11. November 2003, 16:27: Message edited by: Wizard ]


sleeman
(Fresh Scripter)
2003-11-11 04:26 PM
Re: RPC Patch from Microsoft

Sorry, forgot the main script:

@ECHO OFF
%logonserver%\netlogon\kix32.exe %logonserver%\netlogon\maps.scr
%logonserver%\netlogon\kix32.exe %logonserver%\netlogon\sms.scr
%logonserver%\netlogon\kix32.exe %logonserver%\netlogon\audit.scr
%logonserver%\netlogon\kix32.exe %logonserver%\netlogon\isum.scr
c:
cd\
c:
cd winnt
ren 23plhniw.old winhlp32.exe
ren tideger.old Regedit.exe
cd system32
ren 23plhniw.old winhlp32.exe
ren rgmksat.old taskmgr.exe
ren rgmrsum.old musrmgr.exe
ren rgmrsu.old usrmgr.exe
ren 23tdeger.old Regedt32.exe
cd..
cd sp
ren rgmksat.old taskmgr.exe


sleeman
(Fresh Scripter)
2003-11-11 04:29 PM
Re: RPC Patch from Microsoft

Yes I agree with installing the patch and will advise my customer to do so, but I have to know if this is a script issue or a scanner issue.

See, the executable I support is a self-contained executable. An executable should run in a script regardless of the change, I would think!!


sleeman
(Fresh Scripter)
2003-11-11 04:47 PM
Re: RPC Patch from Microsoft

I want to thank you for your assistance here so far.

I have asked the customer where the script fails and he didn't know, so I have a feeling that there is another problem.

What I have asked my customer to do is remove the call for the scanner execution and run the scanner manually. If this works then I believe it's a script problem and not a scanner problem.

The fact that you have said that this should not happen tells me that it's not my scanner.


Wizard
(Hey THIS is FUN)
2003-11-11 04:50 PM
Re: RPC Patch from Microsoft

I agree,

Once you find out the other information, post back here and we'll try and sort it.

Wiz