#47716 - 2003-11-11 04:10 PM
RPC Patch from Microsoft
|
sleeman
Fresh Scripter
Registered: 2001-11-08
Posts: 6
Loc: Ottawa
|
Has anyone heard of a Microsoft KB patch designed to restrict .exe's being run on remote PCs via the Kix login script?
|
#47718 - 2003-11-11 04:22 PM
Re: RPC Patch from Microsoft
|
sleeman
|
I know it sounds strange.
I support an executable designed to scan system hardware and software information.
A customer I have executes this executable with a KIX login script. When in place, a user is not able to log in. When REM'd out, the user is able to log in. He tells me that when the KB is installed the users cannot log in; when it is not installed, his users can log in and run the executable.
Apparently the KB Article is designed to restrict EXEs from running on a remote PC.
Here is the login script

; Kix32 NT Inventory collection logon script for Peregrine IDD scanner
; Jon Dunford
; 31/08/01

;Revisions:
;(author) Jon Dunford
;(date) 10/4/01
;(changes) Full Path for commands for machines which have errors in path statement (c:\winnt\system32)
;(author) Jon Dunford
;(date) 13/7/01
;(changes) Include NT Servers
;(author) Jon Dunford
;(date) 31/8/01
;(changes) Removed -10 switch for servers
;(date) 24/04/02
;(changes) Defined copycmd variable for Windows 2000 machines

$SCANNER="scanw32.exe"
$AMSERVER="\\IRA80130"
$SRCDIR="$AMSERVER\scanner$"
$SRC="$SRCDIR\$SCANNER"
$DESTDIR="C:\InfrTool\DeskDisc"
$DEST="$DESTDIR\$SCANNER"
$FSF="$AMSERVER\fsf$"
$PTH="C:\WINNT\SYSTEM32"

$os=""
$os_dos=@dos
$os_product=ReadValue("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions","ProductType")
$os_service_pack=""
$os_subversion=ReadValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion","SubVersionNumber")

IF (@inwin = 1)
  $NT_mode="yes"
ELSE
  $NT_mode="no"
ENDIF

; Determine Operating System type
IF ($NT_mode = "yes") AND ($os_product <> "WinNT") AND ($os_dos = "5.0") ; - Windows 2000 -
  $os="W2k_Server"
ELSE
  IF ($NT_mode = "yes") AND ($os_product = "WinNT") AND ($os_dos = "5.0")
    $os="W2k_Professional"
  ELSE
    IF ($NT_mode = "yes") AND ($os_product = "LANMANNT") ; - Windows NT -
      $os="NT4_Domain_Controller"
    ELSE
      IF ($NT_mode = "yes") AND ($os_product = "ServerNT")
        $os="NT4_Member_Server"
      ELSE
        IF ($NT_mode = "yes") AND ($os_product = "WinNT")
          $os="NT4"
        ELSE
          $os="???" ; - undetermined -
        ENDIF
      ENDIF
    ENDIF
  ENDIF
ENDIF

SET "Audit=0"
SET "copycmd=/y"
SET "USERFULLNAME=@FULLNAME"
SHELL "$PTH\CMD /C $PTH\PING 151.1.79.69 -n 1 -w 1500 > c:\temp\ping.txt"
SHELL '$PTH\FIND "Reply" c:\temp\ping.txt'
IF @ERROR = 0
  IF ($os = "NT4") OR ($os = "W2k_Professional")
    ; Perform Audit
    IF INGROUP("AuditExclude") > 0
      SET "Audit=12" ; In AuditExclude Group
    ELSE
      SET "Audit=1" ; Performing Audit
      IF EXIST ("$FSF\%COMPUTERNAME%.LOG") = 0 ; Log does not exist
        SHELL "$PTH\CMD /C ECHO FirstAudit %COMPUTERNAME% @USERID @FULLNAME > $FSF\%COMPUTERNAME%.LOG"
        SHELL "$PTH\CMD /C ECHO PATH = %PATH% Logonserver = @LSERVER >> $FSF\%COMPUTERNAME%.LOG"
      ENDIF
      IF EXIST ("$DESTDIR") = 0 ; If destination dir does not exist then create
        SHELL "$PTH\CMD /C MD $DESTDIR"
      ENDIF

      ; Copy scanner if newer to local machine
      SHELL "$PTH\CMD /C C: && CD $DESTDIR && $PTH\XCOPY $SRC /D /Q"

      IF EXIST ("$SRCDIR\@USERID") = 1
        SET "Audit=2" ; Performing Audit
        SHELL "$PTH\CMD /C START $SRCDIR\scanw32f.exe"
      ELSE
        ; Run the scanner if required
        SHELL "$PTH\CMD /C START $DEST -scandays15"
      ENDIF
    ENDIF
  ELSE
    SET "Audit=14" ; Flag Server

    IF EXIST ("$FSF\%COMPUTERNAME%.LOG") = 0 ; Log does not exist
      SHELL "$PTH\CMD /C ECHO FirstAudit NT Server %COMPUTERNAME% @USERID @FULLNAME > $FSF\%COMPUTERNAME%.LOG"
      SHELL "$PTH\CMD /C ECHO PATH = %PATH% Logonserver = @LSERVER >> $FSF\%COMPUTERNAME%.LOG"
    ENDIF
    IF EXIST ("$SRCDIR\@USERID") = 1
      SET "Audit=15" ; Performing Audit
      SHELL "$PTH\CMD /C START $SRCDIR\scanw32sf.exe"
    ELSE
      ; Run the scanner if required
      SHELL "$PTH\CMD /C START $SRCDIR\scanw32s.exe -scandays15"
    ENDIF
  ENDIF
ELSE
  ; Server Offline
  SET "Audit=13"
ENDIF

Here is the KB Article: http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-039.asp
|
#47720 - 2003-11-11 04:26 PM
Re: RPC Patch from Microsoft
|
sleeman
|
Sorry forgot the main script
@ECHO OFF
%logonserver%\netlogon\kix32.exe %logonserver%\netlogon\maps.scr
%logonserver%\netlogon\kix32.exe %logonserver%\netlogon\sms.scr
%logonserver%\netlogon\kix32.exe %logonserver%\netlogon\audit.scr
%logonserver%\netlogon\kix32.exe %logonserver%\netlogon\isum.scr
c:
cd\
c:
cd winnt
ren 23plhniw.old winhlp32.exe
ren tideger.old Regedit.exe
cd system32
ren 23plhniw.old winhlp32.exe
ren rgmksat.old taskmgr.exe
ren rgmrsum.old musrmgr.exe
ren rgmrsu.old usrmgr.exe
ren 23tdeger.old Regedt32.exe
cd..
cd sp
ren rgmksat.old taskmgr.exe
|
#47721 - 2003-11-11 04:29 PM
Re: RPC Patch from Microsoft
|
sleeman
|
Yes, I agree with installing the patch and will advise my customer to do so, but I have to know if this is a script issue or a scanner issue.
See, the executable I support is a self-contained executable. An executable should run in a script regardless of the change, I would think!!
|
#47722 - 2003-11-11 04:47 PM
Re: RPC Patch from Microsoft
|
sleeman
|
I want to thank you for your assistance here so far.
I have asked the customer where the script fails and he didn't know, so I have a feeling that there is another problem.
What I have asked my customer to do is remove the call for the scanner execution and run the scanner manually. If this works, then I believe it's a script problem and not a scanner problem.
The fact that you have said that this should not happen tells me that it's not my scanner.