Page 1 of 1 1
Topic Options
#47716 - 2003-11-11 04:10 PM RPC Patch from Microsoft
sleeman Offline
Fresh Scripter

Registered: 2001-11-08
Posts: 6
Loc: Ottawa
Has anyone heard of a Microsoft's KB patch designed to restrict .exe's being run on remote PCs via the Kix login script,
Top
#47717 - 2003-11-11 04:11 PM Re: RPC Patch from Microsoft
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11164
Loc: Boston, MA, USA
[Confused] Would you mind elaborating on this?
_________________________
There are two types of vessels, submarines and targets.

Top
#47718 - 2003-11-11 04:22 PM Re: RPC Patch from Microsoft
sleeman Offline
Fresh Scripter

Registered: 2001-11-08
Posts: 6
Loc: Ottawa
I know it sounds strange

I support a executable designed to scan system hardware and software information.

A customer, I have, executes this executable with a KIX login script. When in place a user is not able to login. When REM'd out the user is able to login. He tells me that, when the KB is installed the users cannot login when not installed his users can login and run the executable.

Apparently the KB Artical is designed to restrict EXE from running on remote PC.

Here is the login script
; Kix32 NT Inventory collection logon script for Peregrine IDD scanner
; Jon Dunford
; 31/08/01

;Revisions:
;(author) Jon Dunford
;(date) 10/4/01
;(changes) Full Path for commands for machines which have errors in path statement (c:\winnt\system32)
;(author) Jon Dunford
;(date) 13/7/01
;(changes) Include NT Servers
;(author) Jon Dunford
;(date) 31/8/01
;(changes) Removed -10 switch for servers
;(date) 24/04/02
;(changes) Defined copycmd variable for Windows 2000 machines

$SCANNER="scanw32.exe"
$AMSERVER="\\IRA80130"
$SRCDIR="$AMSERVER\scanner$"
$SRC="$SRCDIR\$SCANNER"
$DESTDIR="C:\InfrTool\DeskDisc"
$DEST="$DESTDIR\$SCANNER"
$FSF="$AMSERVER\fsf$"
$PTH="C:\WINNT\SYSTEM32"

$os=""
$os_dos=@dos
$os_product=ReadValue("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions","ProductType")
$os_service_pack=""
$os_subversion=ReadValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion","SubVersionNumber")

IF (@inwin = 1)
$NT_mode="yes"
ELSE
$NT_mode="no"
ENDIF

; Determine Operating System type
IF ($NT_mode = "yes") AND ($os_product <> "WinNT") AND ($os_dos = "5.0") ; - Windows 2000 -
$os="W2k_Server"
ELSE IF ($NT_mode = "yes") AND ($os_product = "WinNT") AND ($os_dos = "5.0")
$os="W2k_Professional"
ELSE IF ($NT_mode = "yes") AND ($os_product = "LANMANNT") ; - Windows NT -
$os="NT4_Domain_Controller"
ELSE IF ($NT_mode = "yes") AND ($os_product = "ServerNT")
$os="NT4_Member_Server"
ELSE IF ($NT_mode = "yes") AND ($os_product = "WinNT")
$os="NT4"
ELSE
$os="???" ; - undetermined -
ENDIF ENDIF ENDIF ENDIF ENDIF

SET "Audit=0"
SET "copycmd=/y"
SET "USERFULLNAME=@FULLNAME"
SHELL "$PTH\CMD /C $PTH\PING 151.1.79.69 -n 1 -w 1500 > c:\temp\ping.txt"
SHELL '$PTH\FIND "Reply" c:\temp\ping.txt'
IF @ERROR = 0
IF ($os = "NT4") OR ($os = "W2k_Professional")
; Perform Audit

IF INGROUP("AuditExclude") > 0
SET "Audit=12" ; In AuditExclude Group
ELSE
SET "Audit=1" ; Performing Audit
IF EXIST ("$FSF\%COMPUTERNAME%.LOG") = 0
; Log does not exist
SHELL "$PTH\CMD /C ECHO FirstAudit %COMPUTERNAME% @USERID @FULLNAME > $FSF\%COMPUTERNAME%.LOG"
SHELL "$PTH\CMD /C ECHO PATH = %PATH% Logonserver = @LSERVER >> $FSF\%COMPUTERNAME%.LOG"
ENDIF
IF EXIST ("$DESTDIR") = 0
; If destination dir does not exist then create
SHELL "$PTH\CMD /C MD $DESTDIR"
ENDIF

; Copy scanner if newer to local machine
SHELL "$PTH\CMD /C C: && CD $DESTDIR && $PTH\XCOPY $SRC /D /Q"

IF EXIST ("$SRCDIR\@USERID") = 1
SET "Audit=2" ; Performing Audit
SHELL "$PTH\CMD /C START $SRCDIR\scanw32f.exe"
ELSE
; Run the scanner if required
SHELL "$PTH\CMD /C START $DEST -scandays15"
ENDIF
ENDIF
ELSE
SET "Audit=14" ; Flag Server

IF EXIST ("$FSF\%COMPUTERNAME%.LOG") = 0
; Log does not exist
SHELL "$PTH\CMD /C ECHO FirstAudit NT Server %COMPUTERNAME% @USERID @FULLNAME > $FSF\%COMPUTERNAME%.LOG"
SHELL "$PTH\CMD /C ECHO PATH = %PATH% Logonserver = @LSERVER >> $FSF\%COMPUTERNAME%.LOG"
ENDIF
IF EXIST ("$SRCDIR\@USERID") = 1
SET "Audit=15" ; Performing Audit
SHELL "$PTH\CMD /C START $SRCDIR\scanw32sf.exe"
ELSE
; Run the scanner if required
SHELL "$PTH\CMD /C START $SRCDIR\scanw32s.exe -scandays15"
ENDIF
ENDIF
ELSE
; Server Offline
SET "Audit=13"
ENDIF

Here is the KB Artical
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-039.asp

Top
#47719 - 2003-11-11 04:26 PM Re: RPC Patch from Microsoft
Wizard Offline
Hey THIS is FUN
*****

Registered: 2000-12-05
Posts: 264
Loc: Bristol, England
Hello there,

I havn't read your script yet, but that patch should not effect kix in anyway.

Where abouts in the script does it fall over.?

I have it running on my Windows NT and 2000 boxes with no problems.

Also, I would very strongly recomend that you install that patch.

Wiz

[ 11. November 2003, 16:27: Message edited by: Wizard ]
_________________________
Wizard
There's no place like 127.0.0.1

vb | kix | batch | html | cfm | js | english

Top
#47720 - 2003-11-11 04:26 PM Re: RPC Patch from Microsoft
sleeman Offline
Fresh Scripter

Registered: 2001-11-08
Posts: 6
Loc: Ottawa
Sorry forgot the main script

@ECHO OFF
%logonserver%\netlogon\kix32.exe %logonserver%\netlogon\maps.scr
%logonserver%\netlogon\kix32.exe %logonserver%\netlogon\sms.scr
%logonserver%\netlogon\kix32.exe %logonserver%\netlogon\audit.scr
%logonserver%\netlogon\kix32.exe %logonserver%\netlogon\isum.scr
c:
cd\
c:
cd winnt
ren 23plhniw.old winhlp32.exe
ren tideger.old Regedit.exe
cd system32
ren 23plhniw.old winhlp32.exe
ren rgmksat.old taskmgr.exe
ren rgmrsum.old musrmgr.exe
ren rgmrsu.old usrmgr.exe
ren 23tdeger.old Regedt32.exe
cd..
cd sp
ren rgmksat.old taskmgr.exe

Top
#47721 - 2003-11-11 04:29 PM Re: RPC Patch from Microsoft
sleeman Offline
Fresh Scripter

Registered: 2001-11-08
Posts: 6
Loc: Ottawa
Yes I agree with installing the patch and will advise my customer to do so, but I have to know if this is a script issue or a scanner issue.

See the executable I support is a self contained executable. An executable should run in a script regardless of the change I would think!!

Top
#47722 - 2003-11-11 04:47 PM Re: RPC Patch from Microsoft
sleeman Offline
Fresh Scripter

Registered: 2001-11-08
Posts: 6
Loc: Ottawa
I want to thank you for your assistance here so far.

I have asked the customer where the script fails and he didn't know so I have a feeling that there is another problem.

What I have asked my customer to do is remove the call for the scanner execution and run the scanner manually. If this works then I believe it's a script problem and not a scanner problem.

The fact that you have said that this should not happen tells me that it's not my scanner.

Top
#47723 - 2003-11-11 04:50 PM Re: RPC Patch from Microsoft
Wizard Offline
Hey THIS is FUN
*****

Registered: 2000-12-05
Posts: 264
Loc: Bristol, England
I agree,

Once you find out the other information, post back here and we'll try and sort it.

Wiz
_________________________
Wizard
There's no place like 127.0.0.1

vb | kix | batch | html | cfm | js | english

Top
Page 1 of 1 1


Moderator:  Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart 
Hop to:
Shout Box

Who's Online
1 registered (Allen) and 466 anonymous users online.
Newest Members
gespanntleuchten, DaveatAdvanced, Paulo_Alves, UsTaaa, xxJJxx
17864 Registered Users

Generated in 0.058 seconds in which 0.025 seconds were spent on a total of 12 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org