To make a computer compliant, you either image/ghost the to-be-compliant machine with an already compliant image, or run this batch file and pray that it works. Alternatively, log in with a superuser account on the target client machine and run it from netlogon (netlogon expedites things, but it is not compulsory), as I described earlier.
This command also works on most Windows (Professional edition) clients:
runas /user:administrator script.bat
or
runas /user:administrator@your-ad-network.tld script.bat
@echo off
REM Make pstools and rdp work on all client machines and add local superuser
echo "-- Make client compliant for pstools --"
REM pstools - make compliant from registry
reg add "hklm\system\currentcontrolset\control" /f /v SCMApiConnectionParam /t REG_DWORD /d 1
reg add "hkcu\software\sysinternals\loggedon" /f /v EulaAccepted /t REG_DWORD /d 1
reg add "hkcu\software\sysinternals\psexec" /f /v EulaAccepted /t REG_DWORD /d 1
reg add "hkcu\software\sysinternals\psfile" /f /v EulaAccepted /t REG_DWORD /d 1
reg add "hkcu\software\sysinternals\psgetsid" /f /v EulaAccepted /t REG_DWORD /d 1
reg add "hkcu\software\sysinternals\psinfo" /f /v EulaAccepted /t REG_DWORD /d 1
reg add "hkcu\software\sysinternals\pskill" /f /v EulaAccepted /t REG_DWORD /d 1
reg add "hkcu\software\sysinternals\pslist" /f /v EulaAccepted /t REG_DWORD /d 1
reg add "hkcu\software\sysinternals\psloglist" /f /v EulaAccepted /t REG_DWORD /d 1
reg add "hkcu\software\sysinternals\pspasswd" /f /v EulaAccepted /t REG_DWORD /d 1
reg add "hkcu\software\sysinternals\psservice" /f /v EulaAccepted /t REG_DWORD /d 1
reg add "hkcu\software\sysinternals\psshutdown" /f /v EulaAccepted /t REG_DWORD /d 1
reg add "hkcu\software\sysinternals\pssuspend" /f /v EulaAccepted /t REG_DWORD /d 1
netsh firewall set portopening TCP 445 ENABLE
REM md %windir% - give -c a location to push
REM net share admin=%windir%
EXIT
I also wrote the following script to create a default RDP (remote desktop) local admin user account, to see from RDP what pstools is doing to the (remote) local user. Caveat! Don't let the password get intercepted:
@echo off
echo "-- Make client compliant for rdp (remote desktop) --"
REM "remoteadmin" user (XP machines, untested on vista or 7)
reg add "hklm\system\currentcontrolset\control\terminal server" /f /v fDenyTSConnections /t REG_DWORD /d 0
netsh firewall set service remoteadmin enable
netsh firewall set service remotedesktop enable
net user remoteadmin Supersecretpassword123 /Add
net localgroup administrators remoteadmin /Add
reg add "hklm\software\microsoft\windows nt\currentversion\winlogon\specialaccounts\userlist" /f /v remoteadmin /t REG_DWORD /d 0
EXIT
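A read-only audit of the changes both scripts above make, as an added example that is not part of the original post. It assumes Windows PowerShell 5.1 or later (for Get-LocalGroupMember); the function names are hypothetical, and "remoteadmin" is the account name used in the script above.

```powershell
# Added example: reports which settings from the two batch files are present.
# Assumes Windows PowerShell 5.1+; function names are hypothetical.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-RemoteAccessFindings {
    param([string]$Account = 'remoteadmin')
    $findings = @()

    # RDP switched on by fDenyTSConnections = 0
    $ts = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' 'fDenyTSConnections'
    if ($ts -eq 0) { $findings += 'RDP connections are allowed (fDenyTSConnections = 0)' }

    # SCMApiConnectionParam is only reported, not interpreted
    $scm = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control' 'SCMApiConnectionParam'
    if ($null -ne $scm) { $findings += "SCMApiConnectionParam is present (value $scm)" }

    # Accounts hidden from the logon screen: UserList value set to 0
    $ul = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'
    if (Test-Path $ul) {
        $key = Get-Item $ul
        foreach ($name in $key.GetValueNames()) {
            if ($key.GetValue($name) -eq 0) { $findings += "Account hidden from logon screen: $name" }
        }
    }

    # Is the account in the local Administrators group (well-known SID)?
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue
    foreach ($m in $admins) {
        if ($m.Name -like "*\$Account") { $findings += "Local administrator: $($m.Name)" }
    }

    # PsTools EULA flags in the hive of the user running this audit
    $sys = 'HKCU:\Software\Sysinternals'
    if (Test-Path $sys) {
        foreach ($sub in Get-ChildItem $sys) {
            if ($sub.GetValue('EulaAccepted') -eq 1) { $findings += "EulaAccepted set for $($sub.PSChildName)" }
        }
    }
    $findings
}

Get-RemoteAccessFindings | ForEach-Object { Write-Output "[!] $_" }
```

The EulaAccepted values live under HKCU, so the audit only sees them when it runs as the same user that ran the batch file.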