locked
Using Psexec to remotely run a program which adds in registry keys using VB.NET.

    Question

  • I'm using Psexec to remotely run a file on a workstation connected to the same network.  The file it's running uses 'Registry.SetValue' to create registry keys.  The registry keys are added within the 'HKEY_CURRENT_USER' area, so impersonating the network domain admin within the VB.NET code isn't an option (I believe).

    Psexec runs the file on the remote workstation, a returned value of 'True' comes back (which was passed to the command-line from the file being run on the remote machine), so I know it's actually running the file remotely.

    I don't feel that Psexec is the problem, but I might be wrong.

    The registry keys aren't being added on the remote machine however.

    I've used the -u [UserName] -p [Password on the Psexec command line, but it's still not working.  I've used the -l, -e, -s arguments as well.  I don't feel it's how I'm running Psexec, but most likely the code in the file being run remotely.

    The file being run remotly, when ran on that remote machine within the command line works fine.  I'd like to impersonate the user logged in on that machine, but I don't have access to their Active Directory password (of course).  If anyone knows how to impersonate the user logged in without requiring the password, I'm open for input.

    Does anyone have any suggestions I might try?

    Thank you for your assistance.


    Newbie
    Friday, June 18, 2010 5:26 PM

Answers

  • I found the answer through someone in another forum.

    I got the logged in user (with 'psloggedin'; sysinternals program), got the registry user id when providing that logged username (with 'psgetsid'; sysinternals program), and used 'psexec' (sysinternals program), passing in the registry user sid.  The program remotely being executed then made the direct registry entries under that registry user sid (using 'Registry.SetValue').


    Newbie
    • Marked as answer by Jeff Roper Friday, December 16, 2011 5:58 PM
    Wednesday, June 30, 2010 5:51 PM