Jump to content

Wipe Windows 10 with Run Command Task

bfog

By bfog,
in Remote Management

 Share
Go to solution Solved by Marcos,

Recommended Posts

bfog

bfog 1

Posted
Posted

Hi there

It's been a week since I started trying to copy psexec to [c:\windows\temp] and call it with elevated rights to start a ps script to factory reset Windows 10 remotely. Atm I can't run "psexec -s Wipe-Script-Windows10.ps1" without having admin rights in cmd. Did anyone else had luck regarding this or has an even better solution? The wipe-script works fine btw

thank you for your help

 

cheers

Link to comment
Share on other sites
itman

itman 1,139

Posted
Posted

Since remote execution of psexec is near the top of remote execution malware attacks, I assume; and hopefully, Eset is blocking its execution.

Have you checked your Eset logs for such a blocked entry?

Link to comment
Share on other sites
bfog

bfog 1

Posted
  • Author
Posted
4 minutes ago, itman said:

Since remote execution of psexec is near the top of remote execution malware attacks, I assume; and hopefully, Eset is blocking its execution.

Have you checked your Eset logs for such a blocked entry?

I did check the logs, no blocked app.

the command to run the script requires admin privileges and looks like that: psexec -s Wipe-Script-Win10.ps1

When running cmd as admin the command works as it should. is there any way to run cmd with elevated rights from ecmd?

Link to comment
Share on other sites
bfog

bfog 1

Posted
  • Author
Posted
Just now, bfog said:

I did check the logs, no blocked app.

the command to run the script requires admin privileges and looks like that: psexec -s Wipe-Script-Win10.ps1

When running cmd as admin the command works as it should. is there any way to run cmd with elevated rights from ecmd?

Also I am not running psexec remotely - I am placing it in c:\windows\temp via curl with an ecmd task

Link to comment
Share on other sites
  • Administrators
  • Solution
Marcos

Marcos 3,983

Posted
  • Administrators
  • Solution
Posted

If you send a Run command task from the ESET PROTECT console, the command is run in the system account so you should leave out psexec and replace it with "powershell" command followed by the script name. Haven't tried running a PS script remotely this way but I guess it could work.

Link to comment
Share on other sites
itman

itman 1,139

Posted
Posted (edited)
16 minutes ago, bfog said:

is there any way to run cmd with elevated rights from ecmd?

No, as far as I am aware of. You can run emcd from a script, but ecmd will only run dedicated Eset command line options.

Ref.: https://help.eset.com/ees/9/en-US/?idh_config_ecmd.html

Edited by itman
Link to comment
Share on other sites
bfog

bfog 1

Posted
  • Author
Posted
31 minutes ago, Marcos said:

If you send a Run command task from the ESET PROTECT console, the command is run in the system account so you should leave out psexec and replace it with "powershell" command followed by the script name. Haven't tried running a PS script remotely this way but I guess it could work.

That actually does work... thank you very much!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...