Solved

PSExec runs with any or no credentials after running once.

Posted on 2007-11-22
7
1,162 Views
Last Modified: 2013-12-04
Hi,

After a fair amount of hassles and great advice from EE users, I was able to run a vbscript on a remote server. ( http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_22789041.html )

It works so wel now that it'll work with any username and pasword or even no username & password.

C:\Windows\System32\PSExec.exe \\192.168.10.111 wscript \\192.168.10.111\Export$\Export.vbs -accepteula -e -u 666666666666666 -p 9999999999999999999999

This code works even though the user doesn't exist. ?!?!?!?

PSExec seems to have locked the credentials or is using the system account.
The import results in Exact shows that it worked.

I have tried stopping the psexec service on the remote Win2K3 server and tried running the command again. This gave me the same result.
I am connected via a Cisco VPN client, which users different credentials than the ones the script should be using.

Anyone know what's happening?

0
Comment
Question by:DennisPost
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 8

Assisted Solution

by:ubig
ubig earned 250 total points
ID: 20334615
Run at command line command NET USE. If you see connection to \\RemoteServer\IPC$ or to any RemoteServer disk drive, remove it by typing net use \\RemoteServer\IPC$ /del. Could be that somehow interprocess communication channel is created so you have to deactivate it.
0
 
LVL 2

Author Comment

by:DennisPost
ID: 20334735
Hi,

Thanks for commenting. :-)

Net use doesn't display any \IPC$

It does display \\192.168.10.111\Export$. I run "net use \\192.168.10.111\Export$ /del" and successfully removed it.
Windows explorer no longer allows me to connect to it. It cannot find it or I might not have permissions to it. It does not promt me to enter a username and password.

When I run the command again I get:
Couldn't access 192.168.10.111:
The specified user does not exist
This is also returned when using the administrators account and another non-admin account.

The VPN connection is still open.
I can ping the remote machine.
RDP to the remote machine works fine.
0
 
LVL 8

Assisted Solution

by:ubig
ubig earned 250 total points
ID: 20334893
Check if PSEXEC command works locally on the LAN to find out if that could be a VPN problem or local computer problem. If it works locally then it is very likely that your VPN connection somehow blocks Windows authentication. Try to open up everything for your VPN connection on router side and locally. If you are using domain accounts then you have to ensure you can reach all your domain controllers as they provide authentication and you can't tell in advance which one will. You could also try PSEXEC with remote server local account if that is not a domain controller (they don't have local accounts).
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 2

Author Comment

by:DennisPost
ID: 20404328
Sorry for the delay.

PSEXEC works fine on the lan.
I have no rights to do anything ith the VPN box.
All DCs are available.

I just used Process Monitor to find out what is going on.
The file I am starting imports financial data into a financal system.
The information does go into the system but does not save the XML with failed invoices in the right place.
For some reason it is saving it in the my documents folder of Default User. Instead of the my documents folder of the user used with PSExec.
0
 
LVL 65

Accepted Solution

by:
RobSampson earned 250 total points
ID: 20522834
Hi Dennis, would it be possible that you have some sort of cached credentials for the 192.168.10.111 resource?  Check in Control Panel --> User Accounts --> Manage User Accounts and see if there are any cached credentials for that resource.  If there is, remove them and try again.

Secondly, I would check the share and NTFS permissions on the Export$ share on 192.168.10.111.
The Share permissions should be Everyone at Full Control, and the NTFS permissions should be set as restrictive as you need it.  My guess would be that the share may be allowing even non-authenticated users to access it.

Lastly, if that is still not an issue, I'll take a look again at the export.vbs file and see if that may be somehow writing to a non-explicit folder (resulting in the Default User thing).

Regards,

Rob.
0
 
LVL 2

Author Comment

by:DennisPost
ID: 20523922
Hi Rob,

Thanks for the idea's.
I have indeed check both share & ntfs permissions. I have also used Process Monitor to monitor everything on the server. I could see that the script was being run as the expected user but Exact was still dumping the xml in the wrong place.

I have decided to work with this problem instead of against it.
Exact version 380 will allow me to place the xml file with failed invoices in any location I choose.
In the meantime I will just pick up the failed invoices xml from the unexcpected location.

I will close and accept your answers because of the very usefull troubleshooting tips. :-)

Thanks again guys !!
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 20526719
No problem.  I hope you can make it run smoothly.

Regards,

Rob.
0

Featured Post

MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As companies replace their old PBX phone systems with Unified IP Communications, many are finding out that legacy applications such as fax do not work well with VoIP. Fortunately, Cloud Faxing provides a cost-effective alternative that works over an…
OfficeMate Freezes on login or does not load after login credentials are input.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question