Remotely set up RDP secpol? psexec?

Q: Remotely set up RDP secpol? psexec?

Hello all, I have a question about setting up Remote Desktop on PCs in our company. For most of the PCs on our network Remote Desktop is disabled by decree of the management. When I do need access to a machine I'll use psexec to enable the service then I'll disable it when I'm done. Some of the PCs are accessed by normal (non-admin) users on the network using Remote Desktop - we're looking for a way to remotely edit the list of users that can access the PCs that way - it'll be one specific user allowed per machine so a group policy doesn't seem to be the right way to go... Basically I'm looking for a way to remotely edit a machine's local secpol, specifically the "Allow logon through terminal services" setting.
I found this MS article http://technet.microsoft.com/en-us/library/bb457125.aspx that mentions the SeNetworkLogonRight but I don't see that in the registry... I must be missing something stupid here - there has to be an easy way to do what I'm trying to do... Does anyone know what that easy way is?
This is the command I use to enable remote desktop - it seems like something similar could be used to edit the userlist? Argh!
psexec \\machine reg add "hklm\system\currentcontrolset\control\terminal server" /f /v fDenyTSConnections /t REG_DWORD /d 0

-Oh, it's an Active Directory Domain, all the PCs are WinXP - Thanks!

Read other answers
RELEVANCY SCORE 76.8

I am trying to determine why IE7 installer fails to work when using PSEXEC to remotely install it?
I have the IE7 installer in c:\temp
This does not work (The switches are valid)
 
psexec \\new_computer c:\temp\ie7.exe /quiet /update-no /norestart /log:c:\temp
 
 
 
It installs fine with the same switches if I manually run it locally but I *MUST* remotely install it as I have multiple PCs to manage and don't need to bother the users 
Below is the log it generates yet it's not making any sense.

00:00.000: ====================================================================
00:00.218: Started: 2011/05/21 (Y/M/D) 21:11:52.900 (local)
00:00.468: Time Format in this log: MM:ss.mmm (minutes:seconds.milliseconds)
00:00.609: Command line: c:\ba1df32f992674d86f0534\update\iesetup.exe /quiet /update-no /norestart /log:c:\temp
00:00.890: INFO: Acquired Package Installer Mutex
00:01.125: INFO: Operating System: Windows Workstation: 5.2.3790 (Service Pack 2)
00:01.656: INFO: Checking version for C:\Program Files\Internet Explorer\iexplore.exe: 6.0.3790.1830
00:01.765: INFO: C:\Program Files\Internet Explorer\iexplore.exe version: 6.0.3790.1830
00:01.781: INFO: Checking if iexplore.exe's current version is between 7.0.0.0...
00:01.812: INFO: ...and 7.1.0.0...
00:01.890: INFO: Maximum version on which to run IEAK branding is: 7.1.0.0...
00:01.906: INFO: iexplore.exe version check success. Install can proceed.
00:01.922: INFO: EULA not shown in passive or... Read more

A:Unable to remotely install IE7 using PSEXEC

Hi,

Regarding the issue, I’m just wondering if you can collect the IE7 log (%windir%\ie7.log) for me, then we can try to find the cause.

Please understand, we need more detailed information to troubleshoot the issue. You may upload the file via SkyDrive and post a link here.

Also please refer:

http://support.microsoft.com/kb/917925

Also, if you want to remotely install IE7, you may use the .msi file to do so. Please refer:

http://support.microsoft.com/kb/942812

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e41d8800-d134-4356-a2e7-c01bee790908&displaylang=en

Read other 7 answers
RELEVANCY SCORE 75.2

Hi there,
As described in the following link on how to run a disk defragment using Disk Defragmenter via PsExec http://www.winhelponline.com/blog/how-to-run-disk-defragmenter-on-a-remote-computer/, would you say that all parameters mentioned by the author in the blog are applicable? If not, please could you specify which parameters aren't needed in order for me to achieve this task efficiently? I've been trying to understand all the parameters for PsExec and from what I can understand I don't think parameters -s and -f are applicable as mentioned in http://technet.microsoft.com/en-gb/sysinternals/bb897553.aspx. The reason why I say this is that when you specify parameter -s (using system account) in the command and log on as a user of that remote computer, in which I've been using Remote Desktop to achieve this as well as Command Prompt, the prompt comes up with "Disk Defragmenter exited with error code 0" straightaway when logging on and logging off as that user on the remote computer; the same also applies when logging off as that user on the remote computer when running the command when being logged on as that user, whereas if you don't specify parameter -s the message is delayed for longer, which is what I would expect. I'm assuming error code 0 means that the task has completed successfully as mentioned in the following link http://aumha.org/a/defragerr.htm. Another reason as to why I don't think parameter -f is needed is that the program (Disk Def... Read more

A:Clarification of running Disk Defragmenter remotely using PsExec

Case closed, managed to solve issue.

Read other 1 answers
RELEVANCY SCORE 73.6

Hi,
We are unable to take a backup of the "Favorites" and "Desktop" folders in a user profile when scanstate is run remotely using the "Psexec \\computername -s scanstate.exe /ue:*\* /ui:domain\user /i:miguser.xml /config:config.xml /c" command.
These folders are redirected to a shared folder on a server, and when we try to see the folders by using the UNC path (\\computername\c$\users\username) on the user's machine they don't appear under the user profile. Even though "Documents" is redirected, we are able to take a backup of the "Documents" folder.
However, when scanstate is run locally on the system, all folders are backed up to the usmt.mig file. We are using "miguser.xml" and "Config.xml" for scanstate, since we need a backup of "Documents", "Desktop" and "Favorites" only. After searching the internet, we suspect that this behavior has something to do with "Shell Folders" and "User Shell Folders" in the registry under "HKCU\Software\Microsoft\Windows\Currentversion\explorer\shell folders", where the paths to all user-profile-related folders are stored. We don't find the "Documents" folder there; maybe that's the reason why we are able to take a backup of only "My Documents" and not the rest of the folders (Favorites, Desktop).
When scanstate is run locally, the backup of "Favorites", "Desktop" and "Documents" is... Read more

Read other answers
RELEVANCY SCORE 46.4

There are some apps in win 8.1 which I can’t open. The message says “This app cant open using the build-in admin account. Sign in with a different account and try again”

Since I’m the administrator I can’t see why I can’t open any app. Searching, I notice that I have to open “secpol.msc” or “GPMC” or “gpedit.msc”, and when I type these commands in Run I get the message file not found

Any solution?
 

A:Where is Secpol.msc?

Read other 11 answers
RELEVANCY SCORE 46.4

Does "secpol.msc " work with Vista home premium? The search did not return anything. Is there another way to display the GUI for local security policy? Tks

A:secpol.msc

Hello Sportflyer,

Sorry, but Local Security Policy (secpol.msc) is not available in Vista Home Premium. Changes for them can still be made manually in the registry though. If you post back with a specific policy that you wanted to change, one of us here may be able to find the registry setting for it.

Read other 5 answers
RELEVANCY SCORE 46

Hi there, running Vista Home Premium 32bit and wanting to know whether or not I should have any of these files, because I can't find them and googling them gives varied responses, some saying that Vista Home Premium doesn't have these. Can anyone tell me whether this is true, and also, if I am supposed to have one of them, where the hell has mine gone and how do I get them back, or it back!
Thanks in advance !

A:Secpol and Gpedit.msc !

These are not available in Home Basic and Home Premium versions of Vista. They are, however, available in the Business, Ultimate, and Enterprise versions. Most of the options are only designed for systems used in a business environment, not for home use. However, both of these are merely interfaces and some, but not all, of the changes that can be made with these tools can be found in the registry.

Read other 3 answers
RELEVANCY SCORE 46

Hi all!
I have Windows 7 Professional. I just reinstalled Windows 7 and when I go to the management console, there is no option to add the local security policy as a snap-in. Is there any download where I can restore secpol.msc and the files associated with it?

A:secpol.msc missing? (Win 7 Pro)

Go to \windows\system32 and do a search for *.msc or go to a command prompt, change directory to \windows\system32 and do a DIR *.msc

is secpol listed?

Read other 5 answers
RELEVANCY SCORE 46

It's not urgent, I just wanted to fiddle around with some settings but when I look for the Local Security Policy it is not in administrative tools and when I try to run secpol.msc it says windows cannot find it*

there is however a file in C:\Windows\System32 that is called SecEdit.exe but that just brings up a cmd window for a fraction of a second

any ideas on how to access this snap-in??

thanks

*i used Local Security Policy Editor - Open to try and locate it initially

A:secpol.msc does not exist

Hello Maccaquacker,

Sorry, but since you have Vista Home Premium....

From link above:
   Warning

The Local Security Group Policy Editor will only be available in the Vista Business, Ultimate, and Enterprise editions. You will not have the Local Security Policy Editor available in the Vista Home Basic and Home Premium editions.

Read other 5 answers
RELEVANCY SCORE 45.2

How do I get windows to open secpol.msc?
I tried using run but I get a message saying windows can't find the file.
I have full administrator privileges.
I'm running Home Premium x64.

A:windows cant find secpol.msc

Hi brucedpitkin

Some of the more "business" orientated tools are missing from the Home editions of Vista. Have a look in C:\windows\system32, but it may not be there. Am on 7 Ultimate at the moment so cannot check specifically.

Read other 3 answers
RELEVANCY SCORE 45.2

So what's the point of having both or using both?

I set up a bunch of software restrictions using the Group Policy Editor, all work fine.

Now if I look at the Software Restrictions using the Security Policy Editor, those same restrictions I had defined do not show up?

Is there a reason for this?

And so my initial question: What's the point of having two editors that do the same thing?
Does one work differently than the other?

Thank you!!
 

A:Solved: secpol v.s. gpedit

no one knows if there is a diff. that separates secpol from gpedit?
 

Read other 1 answers
RELEVANCY SCORE 45.2

xp sp 3 recently installed

1. When logging in, pressing ctrl+alt+del twice doesn't bring up the dialogue into which I can type a username. Why?

2. I renamed Administrator and was looking to change its password. How can I change this password?

3. But I noticed that this account is crossed out in secpol.msc. Why? If that means it's disabled, doesn't that contradict that Administrator must always be enabled?

A:Why is sysadmin crossed out in secpol.msc? et al

4. Why does win 7 require so much more space than win xp?

5. Is there a way to reduce this?

Read other 4 answers
RELEVANCY SCORE 45.2

Now I'm REALLY mad. I bought a new machine. Can I get one with XP? No. So I'm stuck with Windows 7. Like an idiot, I got the home version rather than pro. Shoot, XP home worked just fine for me.

Now I want to work for a living (no, I don't use computers for entertainment). After MANY HOURS of trying to get it to work with my various customers, I learn that I can't VPN into one customer server unless I can run secpol.msc.

Do I have that on this version of Windows? No.

I got a copy of the utility from somebody with a Pro version. Will it successfully run on my machine? No. Can't create the "snapin".

At my hourly rate I have easily spent $2000.00 trying to get this machine to be productive for me. I still can't use it because now I have to buy an upgrade to Windows 7 pro. Which means all the installations I've done so far get wiped. That will be another $1,000.00 down the drain. And then who knows what new surprises I'll find?

You might as well sell a car without a spare tire but no jack. You might as well sell a house without a toilet. How can MS justify selling an OS without the utilities that are necessary to use it in the real world? And how the was I supposed to know that these utilities were excluded from one version but included in another?

Really. Does anybody wonder why people hate Windows? This is ruining my quality of life and costing me large amounts of money.

A:secpol.msc not on Win 7 Home Premium?!?!

Look into Anytime Upgrade. I am not sure but I believe it will let you upgrade to Pro without losing your settings.

Jim

Read other 1 answers
RELEVANCY SCORE 44.8

Where on earth did they go?

A:No gpedit or secpol.msc snap ins in Windows 8?

I think you need Windows 8 Pro or higher (Enterprise)

Read other 3 answers
RELEVANCY SCORE 44.8

If I enable audit on the shares on my file server, will ATA monitor it and use it in their analytics?
Are there any other audit settings (from secpol.msc) disabled by default we should enable to get more detailed monitoring?

Read other answers
RELEVANCY SCORE 44.8

On windows Vista I could edit the Security Policies by typing "secpol" into the run window. This isn't the case in windows 7? Or am I not entering the right thing?
 

A:Solved: Security Policies (secpol)

Read other 7 answers
RELEVANCY SCORE 44.8

Hi everyone,
I had a virus attack (Win32/Packed.Autoit.Gen) and after cleaning the mess (NOD32), I found out that a lot of things are missing in my computer (no admin rights, no gpedit.msc, no msconfig.exe, no regedit.exe, no taskmgr.exe, secpol.msc,....and so) and it seems that the files are either deleted or corrupted because I can't find them (execute) and when I try to launch them via control panel it says "windows can't find...". Unfortunately I have no restore point or save and windows 7 does not have another system repair option. I used fixwin v1.2 but nothing changed.
Please help me because I don't want to rely on the install/format solutions, and thank you very much

A:No regedit.exe / secpol.msc after virus attack

Do you have an image of your system? Do you have restore points?

Read other 9 answers
RELEVANCY SCORE 44.8

I'm using Home premium and apparently it doesn't support
secpol.msc

I need to do the following, apparently, to get access to a usb port on a Thomson TG782T modem
"click the start button and type secpol.msc in the search function. Browse to "Local Policies" -> "Security Options". Now look for the entry "Network Security: LAN Manager authentication level" and open it. Click on the dropdown menu and select "Send LM & NTLM - use NTLMv2 session security if negotiated". Apply the settings."


Does anyone know if there is a work around?


I want to connect printers to this port and avoid using another PC as a server.

A:Secpol.msc / Network security workaround

  

Hi. I can't guarantee this will work, because I have ultimate, and I don't use this feature. But, I changed it on my computer, and compared my registry before and after and found that setting the level you described changed one registry key.

Please make sure you back up your registry before doing this. I'd create a restore point.

Go into regedit and Navigate to

HKLM\System\CurrentControlSet\Control\LSA

If the key LmCompatibilityLevel is present, set its value to 1.

If not present, add a new DWORD (32 bit value), and set its value to 0x1 (Hexadecimal 1).

Reboot. And see how you go. Test your system to see if changing this setting impacted other clients or services.

If this does not work, I'd return the registry to the way... Read more

Read other 2 answers
RELEVANCY SCORE 44.8

Hello Team,
Please, I want to ask if it is possible for ATA to detect when an attacker launches remote code execution (psexec) against a server on the network. I know ATA detects when such an attack is launched against domain controllers, but what if the targeted machine is a member server or workstation, will ATA still detect it?
Thanks.

BR, David Sunday

Read other answers
RELEVANCY SCORE 44.4

I am in the process of putting a batch file together to detect and force microsoft updates to a machine or a group of machines using PSEXEC.exe and a VBS script created by Rob Dunn and posted over at the forums at www.wsus.info.

I have listed below the steps needed to complete this task and would like it put together (if possible) in a batch file, UPDATE.VBS is the name of the script that I copy over to the machine and the PSTOOLS dir is the directory that PSEXEC resides in.

If I run these commands one at a time everything runs well, I would just like to know if it is possible to make this a "one step process"?


Ok here are all the cmds I need in order to run the script

1. net use \\TARGETMACHINE\C$ /user:"DOMAIN\DOMAIN USER"

2. copy update.vbs \\TARGETMACHINE\C$\update.vbs

3. exit back into PSTOOLS directory

3. psexec.exe \\TARGETMACHINE -u "DOMAIN\DOMAIN USER" -p PASSWORD -e -i cmd.exe /c cscript.exe //B C:\UPDATE.vbs


I have tested this on multiple machines and everything is running well. Any suggestions on how to set this up in one batch file? Of course I will eventually setup the PSTOOLS dir on a network drive instead of my local machine.

A:Using PSEXEC and VBS script with WSUS

Ok after a few weeks of playing around with the script and lots of help from Karlchen over at http://forum.sysinternals.com/default.asp I got it running, it goes a little something like this:

@echo off
:: Programme: remoteupd.bat
:: Function : copy update.vbs to \\target
::            launch update.vbs on \\target using psexec
::            will read computerlist.txt and launch update.vbs on each
::            of the hostnames\IPs inside the file
:: Status : third draft, arguments given on commandline, uses a listfile
:: Note : we will assume "computerlist.txt" is located in F:\Work Applications\WSUS Force Update, too.
:: Usage : remoteupd.bat adminuser password
::
:: Check that 2 arguments have been given on the commandline
if "%2"=="" (
echo usage: remoteupd.bat adminuser password
echo Try again.
exit /b 1
)
set ADMUSER="ADMIN USER\DOMAIN"
set ADMPASS="PASSWORD"
set LISTFILE=computerlist.txt

:: go to the source folder
f:
cd \Work Applications\WSUS Force Update

:: check that the listfile is there
if not exist %LISTFILE% (
echo Listfile %LISTFILE% not found. Create it and try again.
exit /b 1
)

:: Finally, all checks done, let us do our work in a for loop
for /F %%i in (%LISTFILE%) do (
REM 1. net use if ADMPASS has got no space character the
REM double quotes may be removed
net use \\%%i\C$ /user:"ADMIN USER\DOMAIN" "PASSWORD"

REM 2. copy updat... Read more

Read other 1 answers
RELEVANCY SCORE 44.4

Hi there,
I am facing difficulty in using psexec; I am simply trying to use an ipconfig command on a remote PC.
Both PCs are Win XPs
psexec \\10.10.xx.xx -u XXX -p XXX ipconfig
but all I am getting is
PsExec v1.98 - Execute processes remotely
Copyright (C) 2001-2010 Mark Russinovich

Could not start PsExec service on 10.10.XX.XX:
Access is denied.      HELP PLEASE

A:Could not start PsExec service

it should be something like this
psexec \\marklap cmd
ipconfig
after you connect to the remote cmd then you issue "ipconfig"

Read other 10 answers
RELEVANCY SCORE 44.4

Hello Fangzhou CHEN,

Per your instructions below.  Is the U/P my admin info or the users?  Please advise.

We could use the PsExec tool to conduct the remote control.
1. Download the tool and copy to file to C:\Windows\System32

2. Run cmd as administrator
3. We could run the command psexec \\<computername> -u <username> -p <password> <command> to run command in remote computer.

Read other answers
RELEVANCY SCORE 44.4

Hi guys, I know there's probably a lot of these on these forums but when I type in the command

psexec \\computername cmd it says access is denied

I am running cmd as admin and haven't tried anything else,
I'm not very good with cmd so would someone please help?

Thank you

A:psexec access is denied

You need to supply username and password.

http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

Read other 9 answers
RELEVANCY SCORE 44.4

Hi,
I have a question regarding psexec or an alternative perhaps? Basically, I have a batch file I made, that I want to allow a friend from a remote machine to exec. However, I want him ONLY to be able to exec this file, and not mess around anywhere else on the machine. Psexec gives too much privilege and he could open other things, etc. I did come across the program RemoteExec, but after the 15 day trial that won't be of much value to me(not paying 400$ for this singular occurrence). Any ideas or help would be GREATLY appreciated!!!

Thanks
 

A:Psexec related question

Why do you want to give remote access to this file? This kind of sounds like a classroom project you are trying to get help with.

At any rate, what about installing Apache web server and having the file access granted through the webserver?
 

Read other 1 answers
RELEVANCY SCORE 44

This is an interesting one.

I have a virus on my system that has hidden all of my files, changed security policies on my machine such that most antivirus tools will not install, and then deleted secpol.msc out of the system32 folder, so that I appear to have no way to change local policies.

I used an unhide program to make my file system viewable again, but I am at a loss as to where to go from here, and am leaning toward reloading windows, though there are conflicts with that as well.. In any case, if someone knows how I can get local security policy settings back on this system, I would appreciate it. As it stands, hijack is not an option, nor are a host of other programs I tried.

Thanks!!
 

A:Some virus, hid all files, altered sec policies, and then deleted secpol.msc??

Any advice on this one? If nothing soon, I will begin prep for reload of windows..
 

Read other 1 answers
RELEVANCY SCORE 44

I have a Windows 7 32-bit workstation in a workgroup. For the past few weeks, our vulnerability management scanner has not been able to scan this particular machine. I added the registry value of LocalAccountTokenFilter to disable remote UAC to be able to scan. I am able to manually scan after I make the change but if the machine reboots, or if I log out after making that change, everything reverts back to default.
This happens when I make any Local Security Policy change as well. If I make any changes to the UAC options, they are completely undone after I logoff my session or reboot. Has anyone seen this problem, and know a fix for it? Any help will be so appreciated!
Jasmin

Read other answers
RELEVANCY SCORE 43.6

Has anyone experienced this or similar recently? We've seen multiple unrelated clients get hit with something that resembles a worm. It appears to use mimikatz to steal passwords for the currently logged on user (Active Directory) and then reaches out to other PCs on the network and uses psexec to run something. I assume it's trying to steal the next computer's username/password and so on. Processes can be seen in Task Manager running under other user accounts that are NOT logged into the PC. The users (which have never otherwise logged into the PC) then have profiles in C:\users. This process leaves the PSEXECSVC Windows service (visible in services.msc) and saves mimikatz.exe and other random KB_______.exe and ms_______.exe files in C:\ProgramData and C:\users\username\appdata\roaming and \appdata\local\temp. It seems to disable the Windows Firewall and Windows Update services, and it breaks Show Hidden Files so it can't be turned on or off.
 
Users have complained of audio/music playing in the background, and we've found .mp3 files in c:\users\username\appdata\roaming. It's hard to recover from this because cleaning the PCs one by one is great until an infected one is turned back on with network connectivity and hits all the cleaned/rebuilt ones again.
 
The thing that's most worrying to me is that I can't find much about this online. This appears to be the closest thing: http://blog.cylance.com/operation-cleaver-net-crawler
 
Any ideas what t... Read more

A:Some type of worm using psexec and mimikatz?

First thing first, it would have to be running at domain admin level to execute through psexec, so change the administrator's password pronto.
Also set up a group policy to disallow psexec.exe from running on C:\*
Thirdly, make sure no user account has admin rights, especially global admin rights or local admin rights.
If it's connecting to each machine's IPC$ then I'm assuming it has the Domain\Administrator account token/password.

Read other 7 answers
RELEVANCY SCORE 43.6

I am looking for psexec commands to fulfil the requirements below
1) copy files into C:\temp on remote machines, including the bat file and source files
2) Install using batch files (EXE file using batch file)

Looking for sample psexec commands to install EXE, MSI, WSU, bat, cmd etc.

Read other answers
RELEVANCY SCORE 43.6

Hi Tech Support,
I got below error when using psexec on remote computer (india). user123 is admin at india. Admin$ and IPC$ can access without error. Please help....
psexec \\india -u india\user123 -p [email protected] -h cmd
Error establishing communication with PsExec service on india:
Access is denied.

Read other answers
RELEVANCY SCORE 43.6

I know how to reset gpedit.msc to the default policy settings, but I do not know how to reset secpol.msc to default.

Read other answers
RELEVANCY SCORE 43.2

I have created a couple batch files to easily update firefox on users computers. See the scripts below.

This executes a batch file on all computers listed in the firefoxusers.txt file.
Code:
psexec @firefoxusers.txt -u AdminUsername -p password c:\installers\firefox.bat
This is the file that is executed from the one above to install the file silently from a shared drive.
Code:
pushd \\server\applications\firefox

firefoxsetup.exe -ms

popd
My problem is that when I run this script I have no idea if the software was installed correctly or not. I am looking for a way to just output what was run so I can go through and see if anything failed.

Any help would be appreciated.

Thanks
 

A:Solved: Output log file from PSExec batch

Not sure if Redirection will work or not.
http://www.robvanderwoude.com/redirection.php

You could try this.
psexec @firefoxusers.txt -u AdminUsername -p password c:\installers\firefox.bat 2> errorlog.txt

or inside your batch file. Not sure if this one will work or not.
firefoxsetup.exe -ms 2> \\server\applications\firefox\errorlog.txt
 

Read other 2 answers
RELEVANCY SCORE 43.2

Hi,

After migrating to Windows 10 from Windows 8, when using psexec I've started to receive an error message when enumerating the domain. The error is "A system error has occurred: 53". On another machine where Windows 8 is still installed everything works fine.
When I use psexec \\pcname the command is executed without problems, but when I use psexec \\* I get "A system error has occurred: 53"

Sorry for bad english :)

Thanks.

Read other answers
RELEVANCY SCORE 43.2

I am looking for psexec commands to install an exe
Scenario:
I had copied source folders \\server1\test into the destination (C:\windows\test) via PowerShell
Now I am looking for the complete psexec command to run the exe on remote machines (remote machines will be taken from a txt file)
PSEXEC syntax or command to run an exe on multiple machines

Read other answers
RELEVANCY SCORE 43.2

Ok imma give a full rundown of the situation. Currently on the network we are on because of the way it is setup wake on lan doesn't work, so SCCM has at best a 70 success rate for patching. So I am currently spending a couple days a week remoting into computers and running a batch file to manually update computers. I need a way, that isn't psexec to execute a batch file on a remote computer. If anyone has any ideas they would be greatly appreciated.

Additional Notes
- Batch file is on share drive atm.

A:Run Batch File On Remote Computer Without PsExec

So, you are using RDP and remotely logging into the computer? If that's the case, you should be able to put the batch file on a network share, and then execute it while you are in the RDP session.

Read other 9 answers
RELEVANCY SCORE 42.8

I am looking for a PSEXEC command to install msu files on multiple machines or a list of computers. I am looking for steps to copy the msu file locally and install it via PSEXEC.

Read other answers
RELEVANCY SCORE 42.8

Hello.

I have a Windows XP Pro SP3 with several problems:
* I cannot accede to http://es.mcafee.com from Firefox or Internet Explorer.
* I cannot update the antivirus Mcafee. In addition, before its icon appears close to the clock on the task bar and now it does not appear.
* On having looked for something in google in the Firefox, some links open windows with porn and mobiles. In Internet Explorer it works well.
* The Firefox crashes when you sail with it (version 3.0.8).
* Emulate also crashes on having executed.
* Spybot Search and destroy does not find anything.
* Mcafee has not found anything (one week ago had the virus of the double tilde that it could erase).
* SuperAntiSpyware does not find anything.
* Malwarebytes' Anti-Malware does not find anything either.
* WebRoot finds a HackTool App/Psexec-Gen and Bullet Proof Software Spyware but since I do not have a subscription cannot eliminate them.

I can't open Mcafee's page from the fail-safe mode with network's functions either.

HitJack log is this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:50:35, on 02/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Archivos de programa\Webroot\WebrootSecurity\WRConsumerService .exe
C:\WINDOWS... Read more

A:HackTool App/Psexec-Gen and Bullet Proof Software Spyware

I see you have quadruple posted:
http://forum.securitycadets.com/index.php?showtopic=10287
http://www.security-forums.com/viewtopic.p...48934e99b8d813f
http://www.bleepingcomputer.com/forums/lof...hp/t216359.html
http://forums.techguy.org/malware-removal-...mcafee-web.html

All Malware Removal/Hijackthis forums greatly frown on anyone that double, triple or quadruple posts, as it creates back logs and wastes our time! Since you are receiving help from Katana at Security Cadets I am closing this thread.

Read other 1 answers
RELEVANCY SCORE 42.4

I recently scanned my computer with Malwarebytes Anti-Malware, Spybot Search & Destroy, and Avira AntiVir personal.

MBAM and SB S&D came up with nothing but Avira did. This is the 2nd time this month that Avira detected "appl/psexec.e" found in "C:\System Volume Information". There are 3 different instances in the Quarantine.

Please look through my HJT log to help stop this recurrence.

Also, users on this computer use Firefox Portable from portableapps.com run from 2 different USB drives. Both equipped with the add-ons NoScript, AdBlock Plus, and Web of Trust (WOT) to better protect us from viruses & etc.

Thank you for your time.

- - - - -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:23 AM, on 5/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:&... Read more

A:Avira detects appl/psexec.e reoccured 2nd time this month

Hi PixelPlay,

Sorry for the delay, the forums here at BC are always very busy and we do our best to keep up. Since your log is quite old and a lot could have changed, I would like to see a new log please. If you no longer require any help could you let me know please, so this topic can be closed.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Thanks

Read other 18 answers
RELEVANCY SCORE 42.4

Hi,
I am trying to execute a psexec command on a remote machine.
My command is
psexec -u domain\user -p password \\machineName -c abc.bat
I am trying from a Windows 7 (64 bit) machine. The remote machines are XP and Windows 7 (32 and 64 bit).
In XP machines, it is working and also in some Windows 7 machines. But in some Windows 7 machines it gives the message:
"Could not start PsExec service on target machine.
Access is denied."

If I try to execute the psexec command from XP machines, it works to all machines.
Suddenly, I do not know what happened, but on one of the Windows 7 machines (where psexec was not starting), psexec started, but not on the other machines.
Now I am very much confused about what exactly happened and what the issue is.
Please help. It is urgent.
Thanks.

A:Could not start PsExec service on target machine. Access is denied.

Hi,

When opening the Command Prompt, please right click it and run as Administrator. Meanwhile, make sure the user has administrator privileges on target PC. If the issue persists, try to disable UAC on both sides.

As far as I know the Security Level on Windows 7 is higher than the level on Windows XP. Therefore, 'psexec' works to all machines.

Best Regards,

Niki

Read other 20 answers
RELEVANCY SCORE 38

I uninstalled Trend Micro this morning and installed the free Avira Antivirus. It detected "psexec.cfexe" which has something to do with the "APPL/PsExec.E application". I have included a copy of the scan results as well as a HJT log.

Avira AntiVir Personal
Report file date: Sunday, 9 August 2009 11:26

Scanning for 1618860 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : SYSTEM
Computer name : A-PC

Version information:
BUILD.DAT : 9.0.0.407 17961 Bytes 29/07/2009 10:34:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 21/07/2009 05:06:14
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 02:28:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 03:05:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 02:28:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 04:00:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 00:51:42
ANTIVIR2.VDF : 7.1.5.60 2235904 Bytes 3/08/2009 01:54:52
ANTIVIR3.VDF : 7.1.5.85 445952 Bytes 7/08/2009 01:55:08
Engineversion : 8.2.0.248
AEVDF.DLL : 8.1.1.1 106868 Bytes 28/07/2009 05:01:50
AESCRIPT.DLL : 8.1.2.23 455033 Bytes 9/08/2009 01:55:50
AESCN.DLL : 8.1.2.4 127348 Bytes 23/07/2009 01:29:39
AERDL.DLL : 8.1.2.4 430452 Bytes 23/07/2009 01:29:39
AEPACK.DLL : 8.1.3.18 401783 Bytes 28/07/2009 05:01:50
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 23/07/2009 01:29:39
AEHEUR.DLL : ... Read more

A:Avira detected "psexec.cfexe"?

Read other 6 answers
RELEVANCY SCORE 36

Hello.
I would like to run a program like "explorer.exe" via "PsExec", but when I ran "psexec.exe \\remote IP explorer.exe" nothing happened. Why?

Thank you.

Read other answers
RELEVANCY SCORE 34

Got a new router to replace my old Linksys BEFW11S4. This one is a Netgear WGR614.

Before, I would forward port 5900 to 192.168.1.101 then I would use my Internet IP Address with VNC Viewer from a Remote Location to access it.

Even when I forward the port to my current IP addy now ( 192.168.1.3 ) it refuses to access it from a remote location ( I just get a timeout error )

Anyone have any clue why?

Thanks
 

A:Why Can't I VNC Remotely?

Read other 6 answers
RELEVANCY SCORE 33.6

I need some help if at all possible. I do not know if it is hardware or software related. I purchased a Dell laptop online for my mother and after 6 months, it has been remotely frozen through the web browser. A message appears that the laptop belongs to Everest College and to contact them. I called the college and the guy said it had belonged to a student who leased it from the school. The student left the school and never returned the laptop. The guy kept pushing me to return the laptop without any regard to the money I would be losing. He even went as far as to tell me that they billed the student for the laptop and still want the laptop back. I had read some articles about Everest College and how they were involved in tuition fraud, but this behavior baffled me. Maybe I am being selfish, but my mother has MS and usually stuck in her house, the internet has become her window to the outside. I can not afford to buy another one right now. I reformatted the hard drive and installed windows 7 on the machine and in a matter of minutes, the message was back on the laptop.
Can someone please help me with this issue?
 

A:Remotely Frozen

Whether you knowingly or unknowingly purchased stolen merchandise we cannot help. Maybe you can negotiate a middle position with the school, or maybe an attorney can help. Sorry; closing this.
 

Read other 1 answers
RELEVANCY SCORE 33.6

I have Vista OS and got bluetooth and WIFI...

I wonder how can i turn on PC remotely.... It would be awesome if there is it.
 

A:How to turn on PC remotely?

There is no way to turn it on if it is completely off, however if it is hardwired into the network (not wifi) you can use a WOL (Wake On Lan) program to wake it up remotely. Sleep mode is almost completely off and consumes hardly any power, I used to have WOL setup for remotely waking up my server, you can even get Iphone apps for it.
 

Read other 3 answers
RELEVANCY SCORE 33.6

I am looking for a good way to remotely wake-up my computer from sleep mode so that I may use TeamViewer to access my home desktop while traveling abroad. I currently have Task Scheduler set up to wake my home pc once each hour for 10 minutes, providing me with a specific window of time to log on if the need arises. If I do not remote-in, the pc is set-up to go back to sleep after 10 minutes (although it doesn't always do that for some reason).

If you know of a better method, I'd love to hear about it. Security is my #1 concern.

Thanks in advance!

Read other answers
RELEVANCY SCORE 33.6

I left my pc running while I was out and when I came back I moved the mouse to bring my screen back to life only to see that a couple of windows were open, one on "the ranchi Board" web page, which I believe to be a child porn website, and my download manager in Firefox was downloading like 20 files, some of them with child porn file names. In my running program icons, there was a little yellow and red circle (I just found out it is ZOLVED). It took maybe 10 seconds and everything closed up and I don't know what happened. Could somebody help please, I'm kinda panicking here. Is it possible that somebody is downloading illegal stuff remotely? And how do I stop this?

A:Somebody was downloading remotely with my pc

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:28 PM, on 3/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
D:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV H... Read more

Read other 5 answers