bfog
Posted December 1, 2021

Hi there

It's been a week since I started trying to copy psexec to [c:\windows\temp] and call it with elevated rights to start a PS script to factory reset Windows 10 remotely.

Atm I can't run "psexec -s Wipe-Script-Windows10.ps1" without having admin rights in cmd.

Did anyone else have luck regarding this, or has an even better solution?

The wipe script works fine, btw.

Thank you for your help

Cheers

itman
Posted December 1, 2021

Since remote execution of psexec is near the top of remote execution malware attacks, I assume, and hopefully, Eset is blocking its execution. Have you checked your Eset logs for such a blocked entry?

bfog (Author)
Posted December 1, 2021

4 minutes ago, itman said:
> Since remote execution of psexec is near the top of remote execution malware attacks, I assume, and hopefully, Eset is blocking its execution. Have you checked your Eset logs for such a blocked entry?

I did check the logs, no blocked app. The command to run the script requires admin privileges and looks like that:

psexec -s Wipe-Script-Win10.ps1

When running cmd as admin the command works as it should. Is there any way to run cmd with elevated rights from ecmd?

bfog (Author)
Posted December 1, 2021

Just now, bfog said:
> I did check the logs, no blocked app. The command to run the script requires admin privileges and looks like that:
>
> psexec -s Wipe-Script-Win10.ps1
>
> When running cmd as admin the command works as it should. Is there any way to run cmd with elevated rights from ecmd?

Also I am not running psexec remotely - I am placing it in c:\windows\temp via curl with an ecmd task.

Marcos (Administrators, Solution)
Posted December 1, 2021

If you send a Run command task from the ESET PROTECT console, the command is run in the system account, so you should leave out psexec and replace it with the "powershell" command followed by the script name. Haven't tried running a PS script remotely this way but I guess it could work.
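
An added example, not part of the thread and not ESET's or any poster's code: a wrapper that a Run command task could start with "powershell" in place of calling the wipe script directly, checking that it really runs as SYSTEM and that the script fetched into c:\windows\temp is the reviewed one before executing it. The parameter names, the exit codes and the hash placeholder are assumptions, and the wrapper itself is assumed to reach the machine through a channel you trust.

```powershell
# Added example: pre-flight checks before a SYSTEM-context task runs a
# downloaded script. Defaults are assumptions; the hash is a placeholder
# to be replaced with the SHA-256 of the script you reviewed.
param(
    [string]$ScriptPath   = 'C:\Windows\Temp\Wipe-Script-Win10.ps1',
    [string]$ExpectedHash = '<SHA256-OF-REVIEWED-SCRIPT>'
)

$ErrorActionPreference = 'Stop'   # any unexpected failure aborts the run

# 1. Confirm the account. A Run command task is expected to run as
#    LocalSystem, which is why psexec -s is not needed.
$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $identity.IsSystem) {
    Write-Output "Refusing to run: current account is $($identity.Name), not SYSTEM."
    exit 1
}

# 2. The script must exist as a regular file at the expected path.
if (-not (Test-Path -LiteralPath $ScriptPath -PathType Leaf)) {
    Write-Output "Refusing to run: $ScriptPath not found."
    exit 2
}

# 3. The file was downloaded, so compare it with the known-good hash.
#    (-ne on strings is case-insensitive, so hex case does not matter.)
$actualHash = (Get-FileHash -LiteralPath $ScriptPath -Algorithm SHA256).Hash
if ($actualHash -ne $ExpectedHash) {
    Write-Output "Refusing to run: hash mismatch ($actualHash)."
    exit 3
}

# 4. Run the verified script in a child PowerShell and pass its exit
#    code back to the task so the console shows success or failure.
& powershell.exe -NoProfile -ExecutionPolicy Bypass -File $ScriptPath
exit $LASTEXITCODE
```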

itman
Posted December 1, 2021 (edited)

16 minutes ago, bfog said:
> is there any way to run cmd with elevated rights from ecmd?

No, not as far as I am aware. You can run ecmd from a script, but ecmd will only run dedicated Eset command line options.

Ref.: https://help.eset.com/ees/9/en-US/?idh_config_ecmd.html

Edited December 1, 2021 by itman

bfog (Author)
Posted December 1, 2021

31 minutes ago, Marcos said:
> If you send a Run command task from the ESET PROTECT console, the command is run in the system account, so you should leave out psexec and replace it with the "powershell" command followed by the script name. Haven't tried running a PS script remotely this way but I guess it could work.

That actually does work... thank you very much!