FYI to all considering implementing the psexec method - Be aware that psexec
passes your username/password in the clear.

Quote from the usage:

"If you omit a user name the process will run in the context of your
account on the remote system, but will not have access to network
resources (because it is impersonating). Specify a valid user name
in the Domain\User syntax if the remote process requires access
to network resources or to run in a different account. Note that
the password is transmitted in clear text to the remote system."

Best Regards,

Andrew Garberoglio, CISSP
Wells Fargo Services, Internet Technology Services

"Let us prepare to grapple with the ineffable itself, and see if we may not
eff it after all"
-Douglas Adams

-----Original Message-----
From: Jonathan Goldberg [mailto:jgoldbergnowldef.org]
Sent: Friday, May 03, 2002 2:20 PM
To: 'focus-mssecurityfocus.com'
Subject: RE: Rolling out patches

To reply to my own post, I came back to my patch-deploying scripts yesterday
for more tweaking, and I came across several improvements on the method I
posted:

For Step 1, I did some more checking and found that the REG tool works on
remote computers. FILEVER, of course, can access any file on an
administrative share. This makes dumping relevant info into a local text
file for parsing very simple.

The major improvement, however, came when I replaced my "Step 3: Use Task
Scheduler" with "Use PSEXEC from the 'pstools' package from the excellent
folks over at www.sysinternals.com."

PSINFO replicates a lot of the functionality of REG and FILEVER, and is
geared towards assisting in the automation of deploying hotfixes, but REG
and FILEVER, on the whole, seem to be more flexible. The toolkit as a whole
is still invaluable.

Jon

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]