Hardly voodoo, someone with administrative privileges is doing it and
their ID is in the User: field of the 7035 stop/start events from the
SCM...at least it is on my systems.

 

From: David W. McSpadden [mailto:[email protected]] 
Sent: Tuesday, September 22, 2009 9:47 AM
To: NT System Admin Issues
Subject: Re: PSExec starting stopping

 

Yeah but it is voodoo if I am not the one sending the commands....

 

        ----- Original Message ----- 

        From: Free, Bob <mailto:[email protected]>  

        To: NT System Admin Issues <mailto:[email protected]>

        Sent: Tuesday, September 22, 2009 12:41 PM

        Subject: RE: PSExec starting stopping

         

        Psexec installs itself as a service on the fly and uninstalls
        automatically (most of the time) when it's completed whatever you had
        it do with a clean exit. Always has. If you check the SCM while it is
        doing something, you will see it running under the credentials you
        specified on the command line.

         

        Same for PSKill and some of Mark's other utilities. That's how
        he accomplishes some of the remote magic... of course running them as
        Local System when necessary also helps. :)

         

        "PsExec starts an executable on a remote system and controls the
        input and output streams of the executable's process so that you can
        interact with the executable from the local system. PsExec does so by
        extracting from its executable image an embedded Windows service named
        Psexesvc and copying it to the Admin$ share of the remote system. PsExec
        then uses the Windows Service Control Manager API, which has a remote
        interface, to start the Psexesvc service on the remote system"
        http://windowsitpro.com/Windows/Articles/ArticleID/42919/pg/2/2.html

         

         

         

        From: David W. McSpadden [mailto:[email protected]] 
        Sent: Tuesday, September 22, 2009 7:51 AM
        To: NT System Admin Issues
        Subject: PSExec starting stopping

         

        I noticed in a member server event log this morning PSExec
        service stop, start, stop start???

        I don't remember installing PSExec on this machine especially as
        a service???

        <Flame:ON>
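
An added example, not part of the thread: one way to answer "who sent the commands" from an exported System log, by grouping the SCM 7035 control events that name the PsExec service by their User field and listing accounts that are not on an expected-admin list. The CSV column layout, host name and account names are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: a System log exported to CSV. The column layout, host
# name and account names are assumptions made for this example.
SAMPLE_EXPORT = """\
Date,Time,Source,Type,Category,Event,User,Computer,Description
9/22/2009,3:12:01 AM,Service Control Manager,Information,None,7035,EXAMPLE\\svc_backup,MEMBER01,The PsExec service was successfully sent a start control.
9/22/2009,3:12:01 AM,Service Control Manager,Information,None,7036,N/A,MEMBER01,The PsExec service entered the running state.
9/22/2009,3:12:09 AM,Service Control Manager,Information,None,7035,EXAMPLE\\svc_backup,MEMBER01,The PsExec service was successfully sent a stop control.
9/22/2009,3:12:09 AM,Service Control Manager,Information,None,7036,N/A,MEMBER01,The PsExec service entered the stopped state.
9/22/2009,3:40:17 AM,Service Control Manager,Information,None,7035,EXAMPLE\\jdoe,MEMBER01,The PsExec service was successfully sent a start control.
9/22/2009,3:41:00 AM,Service Control Manager,Information,None,7035,NT AUTHORITY\\SYSTEM,MEMBER01,The Print Spooler service was successfully sent a start control.
"""


def psexec_controls(export_text, service_hint="psexe"):
    """Group SCM 7035 events that name the PsExec service by their User field."""
    by_user = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        # 7035 = a start/stop control was sent. The 7036 state-change rows in
        # this sample carry no user, so only 7035 is useful for attribution.
        if row["Source"] != "Service Control Manager" or row["Event"] != "7035":
            continue
        # "psexe" matches both the "PsExec" display name and "Psexesvc".
        if service_hint not in row["Description"].lower():
            continue
        by_user[row["User"]].append(
            (row["Date"], row["Time"], row["Computer"], row["Description"]))
    return dict(by_user)


def unexpected_users(by_user, expected_admins):
    """Return accounts that sent PsExec service controls but are not expected to."""
    expected = {name.lower() for name in expected_admins}
    return sorted(user for user in by_user if user.lower() not in expected)


if __name__ == "__main__":
    hits = psexec_controls(SAMPLE_EXPORT)
    for user, events in hits.items():
        print(user, len(events), "control(s); first at", events[0][0], events[0][1])
    print("not on expected list:", unexpected_users(hits, ["EXAMPLE\\svc_backup"]))
```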

         

         

         

         

 

 
