I followed the code along and watched as it hit "if self_delete = "y" then" it goes through the if statement and executes the code within but doesn't actually delete its self. has anyone else had this problem?
Also this audit_script seems like it's going to be a pretty large security risk. having admin credentials stored in plain text in the windows folder that the user has to be able to view is pretty bad. why is no one else talking about this?
Fixed by adding "-s" which is the "run as system" option in paexec.
$command_string = 'c:\xampplite\open-audit\other\paexec.exe \\\\' . $ip . ' -s -u ' . $domain . $username . ' -p ' . $credentials->credentials->password . ' cmd /c "' . $command . '"';
$log->command = 'c:\xampplite\open-audit\other\paexec.exe \\\\' . $ip . ' -s -u ' . $domain . $username . ' -p ****** cmd /c "' . $command . '"';
Which version of Open-AudIT and the Windows audit script are you using? Please make sure the account you are using to run the script has the right to delete it on the platform you're auditing.
I'm using 2.0.11, i have credentials set shouldn't it be using those to run the delete? i didn't look closely at that part of the code but i assumed it did impersonation as well.
We are working to duplicate this issue in our lab. Can you tell us the OS on your Open-AudIT server as well as on the machine you were observing this behavior on. Also, could you please forward a copy of the deployed Windows audit script to us at email@example.com that you were using to test (please obfuscate the credentials).
The server version is 2016, email it sent.
Windows Server 2016.
Powered by a free Atlassian Confluence Open Source Project License granted to Opmantek. Evaluate Confluence today.