bfog, posted December 1, 2021

Hi there

It's been a week since I started trying to copy psexec to [c:\windows\temp] and call it with elevated rights to start a PS script to factory reset Windows 10 remotely. Atm I can't run "psexec -s Wipe-Script-Windows10.ps1" without having admin rights in cmd. Did anyone else have luck regarding this, or does anyone have an even better solution? The wipe-script works fine btw.

Thank you for your help.

Cheers

itman, posted December 1, 2021

Since remote execution of psexec is near the top of remote execution malware attacks, I assume; and hopefully, Eset is blocking its execution. Have you checked your Eset logs for such a blocked entry?

bfog (Author), posted December 1, 2021

4 minutes ago, itman said:
> Since remote execution of psexec is near the top of remote execution malware attacks, I assume; and hopefully, Eset is blocking its execution. Have you checked your Eset logs for such a blocked entry?

I did check the logs, no blocked app. The command to run the script requires admin privileges and looks like this:

psexec -s Wipe-Script-Win10.ps1

When running cmd as admin the command works as it should. Is there any way to run cmd with elevated rights from ecmd?

bfog (Author), posted December 1, 2021

Just now, bfog said:
> I did check the logs, no blocked app. The command to run the script requires admin privileges and looks like this: psexec -s Wipe-Script-Win10.ps1 When running cmd as admin the command works as it should. Is there any way to run cmd with elevated rights from ecmd?

Also, I am not running psexec remotely - I am placing it in c:\windows\temp via curl with an ecmd task.

Marcos (Administrators), posted December 1, 2021, marked as Solution

If you send a Run command task from the ESET PROTECT console, the command is run in the system account so you should leave out psexec and replace it with "powershell" command followed by the script name. Haven't tried running a PS script remotely this way but I guess it could work.

itman, posted December 1, 2021

16 minutes ago, bfog said:
> is there any way to run cmd with elevated rights from ecmd?

No, not as far as I am aware. You can run ecmd from a script, but ecmd will only run dedicated Eset command line options.

Ref.: https://help.eset.com/ees/9/en-US/?idh_config_ecmd.html

Edited December 1, 2021 by itman

bfog (Author), posted December 1, 2021

31 minutes ago, Marcos said:
> If you send a Run command task from the ESET PROTECT console, the command is run in the system account so you should leave out psexec and replace it with "powershell" command followed by the script name. Haven't tried running a PS script remotely this way but I guess it could work.

That actually does work... thank you very much!