David Pérez Bonilla asked:

PSEXEC vs Powershell

What is your opinion about this debate? What do you prefer as a system administrator?

Best Regards,
David.

Michael Pfister

In my opinion there is no need for a debate. You can't compare the two.
I like psexec. It's a nice tool if you want to run a few commands on a bunch of remote computers.

PowerShell is a completely different beast. It's a lot more flexible and expandable.
You can do things with it you'll never be able to do with a command line batch.

So, I love PowerShell :-)

PSexec is used for things like Ransomware. I use powershell and WinRM, which can be secured.

> PSexec is used for things like Ransomware

No.  It's a sysadmin tool for those that weren't just junior MCSE GUI-only admins.

It was useful back before powershell came around.  After Microsoft finally decided to hire Mark Russinovich, powershell became more useful so that you don't need psexec any longer.  It was the go-to tool for any real sysadmin that needed to script things just like they would in the Unix world.  It made Windows almost as easy to manage as Unix.

It's time to learn Powershell, since Mark is no longer really updating his pstools.  As of today, the last update was July 4, 2016.

#####

If it's being used for ransomware, it's only because they've finally figured out how to use psexec, not because it's a ransomware tool.  Block psexec, then they'll start to learn how to use powershell.  They only haven't because they're learning from their peers who are learning from online code in blog posts years after they were more useful, not sysadmins that actually know what they're doing.

I've switched to Powershell, ever since it became command complete in server 2012, but I used to use psexec for stuff that Group policy wasn't doing well, such as software installs and updates of 3rd party software, and monitoring the systems without having to go to each and every desktop when I have 30 to 120 systems to set up at the same time.  Now you can do it with powershell.

Psexec is a ransomware tool, the same way that powershell is a ransomware tool.

With great power comes great responsibility. In this day and age the .NET crypto API is used a lot for normal communication over the network (encrypted SMB/internet HTTPS); these APIs can be used to encrypt files as well.
Both psexec and powershell remoting have their uses, advantages and disadvantages, i.e. you can use a slot screwdriver to remove a Phillips head screw.

> No.  It's a sysadmin tool for those that weren't just junior MCSE GUI-only admins.

Actually wannacry used it to transfer between machines.

I know exactly what it is, exactly what it can do and you should probably read up a little more.

https://www.theverge.com/2017/6/27/15883110/petya-notpetya-ransomware-software-update-wannacry-exploit

You can use powershell the same way.  Psexec has no more extra access than powershell.  It is written to use your Windows Credentials.  You can't run psexec on the remote computer that you don't have access to.  It just happens to be the expedient tool they used.  You could write your own C code to gain access the same way.

PS Remoting allows for much more control over the session - who may connect, with particular accounts, in restrictive environments and much more. But setting that up is complex.

A simple WinRM configuration for PS Remoting is comparable to PsExec - but if you need to provide a different account than the executing one, you don't need a plain text password (as opposed to PsExec).

Also, PsExec can only provide a simple shell interface, while PS Remoting exchanges objects (stripping off the original methods, though).

However, WinRM requires a setup on clients; only servers allow (admin) remote sessions by default. PsExec works without setting up anything.
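
An added illustration of the session control described in the post above (not code from any participant in this thread): a constrained PS Remoting endpoint that only one group may connect to, used from the client with a `PSCredential` rather than a plain text password. The endpoint name, group, server name and paths are assumptions.

```powershell
# Added example. Endpoint name, group, server and paths are hypothetical.
$endpoint = 'HelpdeskOps'                    # assumed endpoint name
$group    = 'CONTOSO\Helpdesk-Remoting'      # assumed AD group allowed to connect
$pssc     = Join-Path $env:ProgramData "$endpoint.pssc"

# --- On the server, in an elevated session ---
# Members of $group see only the listed cmdlets; no script language is available,
# commands run under a temporary virtual account, and every session is transcribed.
$sessionConfig = @{
    Path                = $pssc
    SessionType         = 'RestrictedRemoteServer'
    LanguageMode        = 'NoLanguage'
    RunAsVirtualAccount = $true
    TranscriptDirectory = 'C:\ProgramData\RemotingTranscripts'
    RoleDefinitions     = @{
        $group = @{ VisibleCmdlets = 'Get-Service', 'Restart-Service' }
    }
}
New-Item -ItemType Directory -Path $sessionConfig.TranscriptDirectory -Force | Out-Null
New-PSSessionConfigurationFile @sessionConfig

# Refuse to register a file that does not validate.
if (-not (Test-PSSessionConfigurationFile -Path $pssc)) {
    throw "Session configuration file failed validation: $pssc"
}

# Registering restarts the WinRM service, which drops existing remote sessions.
Register-PSSessionConfiguration -Name $endpoint -Path $pssc -Force | Out-Null

# Review who is allowed to connect before handing the endpoint out.
Get-PSSessionConfiguration -Name $endpoint | Select-Object Name, Permission

# --- On the admin workstation ---
# Get-Credential returns a PSCredential (password held as a SecureString),
# so no plain text password appears on a command line.
$cred = Get-Credential -Message "Account that is a member of $group"
Invoke-Command -ComputerName 'srv01.contoso.example' -ConfigurationName $endpoint `
    -Credential $cred -ScriptBlock { Get-Service -Name Spooler }
```

Accounts outside the group are refused at connection time, and a cmdlet that is not in `VisibleCmdlets` fails as not recognized inside the session.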

But somehow you still cannot run or execute the .BAT script remotely even using PSexec as Domain\administrator.

> But somehow you still cannot run or execute the .BAT script remotely even using PSexec as Domain\administrator.

That just means you didn't fully understand how psexec worked.  You needed to put the batch on a file share accessible to the system you wish to run or copy it over to the remote system and you can run psexec on a batch file.  The batch file runs in the context of the remote environment, so you need to place it where you can access it from that remote environment and remote environment variables, if that's where you plan the operations to occur.

Yes, I did that already, I've placed that into the \\domain.com\NETLOGON directory.