|
|
|||||||
Hi there! With WMI: -I can, run a process remotely as myself[impersonate]. -I can, run a process remotely as another user. -I CANNOT run a process remotely as anyone that interacts with any resources outside of the remote box! My head hurts! *Remotely as myself code:*Remotely as any user with local admin rights code:Switch the $Commands, in both cases the remote fails... I have been upside down the SDK and the MSDN. I beg of someone, anyone, please, please, please, provide me with the answer! I will consider naming my first born after you! (My wife probably wont agree though... I'm desperate! -Jim Note: I will UDF these after I figure this last one out. |
||||||||
|
|
|||||||
Have you thought of using the Task Scheduler for this? The Task Scheduler can execute under a defined username and can be scheduled remotely. Please take a look at the ScheduleTask() UDF. Oh, and take a look at this thread: http://kixtart.org/cgi-bin/ultimatebb.cgi?ubb=get_topic&f=1&t=003208 I know, it's not COM but it would solve your problem [ 16 May 2002, 01:26: Message edited by: sealeopard ] |
||||||||
|
|
|||||||
There's actually a freeware that does this exact thing - PSEXEC.EXE (www.sysinternals.com). I'm looking for a com version or scriptable version. SO CLOSE... Also, someone has reverse eng it, it temporarily installs a service... PSEXEC reverse |
||||||||
|
|
|||||||
Anyone out there acctually interested in this? |
||||||||
|
|
|||||||
Crap ! Jim, I was interested in this. I read it last night at home thinking to myself I would try it first thing when I got into work today. Guess there's no way to "fake" this on one lonely home workstation eh ? -Shawn [ 18 May 2002, 01:50: Message edited by: Shawn ] |
||||||||
|
|
|||||||
I'm interested in this as well... Brian |
||||||||
|
|
|||||||
Glad to see you're on board for this guys! I was beginning to think I was all alone on this one... Some keywords that I have been focusing on: RevertToSelf coImpersonateClient coSetProxyBlanket Delegate -> Possibly the ans. I think this requires Kerberos though... Unfortunately, I don't think that any of these methods are Kix friendly, except the delegate prop of impersonate. I'm not a programmer by trade either, so it's been 'learn as you go'. From what I have gathered, it seems as though VBS may be a better platform for this. Booooo! Maybe we need start think outside of the bun? Perhaps create/remove a temp service like the PSEXEC? |
||||||||
|
|
|||||||
Here is a link I found to another utility.. haven't tested it out, yet: http://www.maxcode.com/nuke/article.php?sid=141 |
||||||||
|
|
|||||||
Sweet, but that link is bad... Same app diff location. http://www.codeguru.com/network/xCmd.html BTW, This doesn't work either... quote:Thought that might apply... [ 20 May 2002, 23:35: Message edited by: jtokach ] |
||||||||
|
|
|||||||
Jim, Any revelations on this ? Can't see why this isn't working to be totally honest, everything seems to be in place. When you look at the owner or username attached to the remote process, it shows up as the same credentials as supplied in the script... it doesn't seem to be running under the system context anyways, hmmm.... any more thoughts ? -Shawn p.s. i was hoping this would have helped matters, its an object we can pass as part of the create method: Win32_ProcessStartup but it doesn't seem to hold any answers to the problem ... -Shawn [ 23 May 2002, 16:57: Message edited by: Shawn ] |
||||||||
|
|
|||||||
Shawn, When I was reviewing your previous post I came accross Win32_PrivilegesStatus. We may be able to use this to at least find out why access is denied... http://msdn.microsoft.com/library/en-us/wmisdk/r_32os4_27cj.asp -Jim |
||||||||
|
|
|||||||
Jim, I looked at this quite a bit today - with no luck. You know, the issues surrounding this whole remote process thingy reminds me of the same issues we get when running a batch file under the AT scheduler, you know - no user context. Having said that (and don't laugh) I tried chnaging the Windows Management Instrumentation service to have it run under a Domain User Account, but it wouldn't stick - something about dependencies with other WMI services. I know this sounds drastic, but was just trying to perform a test, have you tried giving the WMI service itself some credentials ? -Shawn |
||||||||
|
|
|||||||
Shawn, LOL! I've been down that road already! I didn't want to bring it up in fear that I would be laughed off the board! Here's our problem... I tried setting the $RCommand to "cmd /c net use z: \\server\share /persistent:no & pause" and sure enough... System Error 1312 This MSKB describes and also hints towards delegation. Unfortunately, without kerberos, this is worthless. This is beginning to look like an exercise in futility... quote:http://support.microsoft.com/default.aspx?scid=kb;en-us;Q214726 |
||||||||
|
|
|||||||
Hello Jim, I posted this a while back, it's a script that loads when the user logs on(dunno if that's a limitation for you or not), allowing you to make them run ANY script at ANY time. Don't know if it's what you're looking for or not? You could execute a RUNAS script from this and have it authenticate to the domain? http://81.17.37.55/cgi-bin/ultimatebb.cgi?ubb=get_topic&f=2&t=001695&p= |
||||||||
|
|
|||||||
jtokach said: ...From what I have gathered, it seems as though VBS may be a better platform for this. Booooo!... If you get this working in VBScript, please let me know. I have spent all day on this and am about to s(h)ell out to dos?! cj |
||||||||
|
|
|||||||
ceej, don't be so mad... if everyone else (vbs/js) gives you up, your old friends (kix/dos) never! You can allways go to them! |
||||||||
|
|
|||||||
See posts 20-22 of this thread: WSHPIPE related I haven't started looking into it again yet, but I will when I get some free time... -Jim |
||||||||
|
|
|||||||
I'm in this thing about 6 Month now ... wohoo ... i scripted everything for my company, but this thing is hard work. Maybe following Tool will help you out : http://www.stefan-kuhr.de/supsu/main.php3 It's a rewriten Version of Microsofts SU ... i think you don't need it installed as service ... maybe some of you can test it out and post me Success or not ...8) Greetings J.S. |
||||||||
|
|
|||||||
Hurray, put this topic to rest! I contacted Keith Brown, author of Programming Windows Security. Excerpts: JIM quote:KEITH quote:JIM quote:KEITH quote:JIM quote:KEITH quote: |
||||||||
|
|
|||||||
mm... I have used two tools. other one remote administrator (works with license even though I got my boss to buy it), and other rcmd. remote administrator users current users credentials and rcmd the ones you put in... which way you actually want it to be? |
||||||||
|
|
|||||||
Jim (and others)... I found something that works. I just tested this program ( Tqc Runas ) and installed two programs (IE6 and Project 2000) located on a share on a remote PC using an UNC path. It also includes a DLL that is scriptable, in fact the helpfile specifically mentions KiX! quote: |
||||||||
|
|
|||||||
just searched the board for supsu link and found your response... I think the reason why there is kix mentioned is that they eat the bread from scriptlogics hand |