
I followed the code along and watched as it hit "if self_delete = "y" then". It goes through the if statement and executes the code within, but doesn't actually delete itself. Has anyone else had this problem?

Also, this audit_script seems like it's going to be a pretty large security risk. Having admin credentials stored in plain text in the Windows folder that the user has to be able to view is pretty bad. Why is no one else talking about this?


    2 answers

    1.  

      Fixed by adding "-s" which is the "run as system" option in paexec. 

       

      $command_string = 'c:\xampplite\open-audit\other\paexec.exe \\\\' . $ip . ' -s -u ' . $domain . $username . ' -p ' . $credentials->credentials->password . ' cmd /c "' . $command . '"';
      $log->command = 'c:\xampplite\open-audit\other\paexec.exe \\\\' . $ip . ' -s -u ' . $domain . $username . ' -p ****** cmd /c "' . $command . '"';
      1.  

        Hello dschumm,

        Which version of Open-AudIT and the Windows audit script are you using? Please make sure the account you are using to run the script has the right to delete it on the platform you're auditing.

        1. dschumm

          I'm using 2.0.11. I have credentials set; shouldn't it be using those to run the delete? I didn't look closely at that part of the code, but I assumed it did impersonation as well.

        2. Mark Henry

          We are working to duplicate this issue in our lab. Can you tell us the OS on your Open-AudIT server as well as on the machine you were observing this behavior on? Also, could you please forward a copy of the deployed Windows audit script that you were using to test to us at support@opmantek.com (please obfuscate the credentials).

        3. dschumm

          The server version is 2016; email is sent.

        4. dschumm

          Windows Server 2016.
