Viktor, I appreciate your concern, but I don't actually save the passwords in a batch file.
One can provide rights via the scheduler service for scheduled events, so the password is stored in the registry. For unscheduled events, I'll use my own credentials. The pstools try to use the security credentials of the user launching the command via NT authentication. If you want to use different credentials, you can certainly put them on the command line, or in a batch file, though that would be less secure. -David -----Original Message----- From: Viktor Sokol [mailto:Viktor@;Sokol.us] Sent: Friday, November 15, 2002 12:59 PM To: Sloane, David Subject: Re[2]: [SA-list] Command execs -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello David, Like for me, if i want to kill or run something on remote pc i`m using SSH2 connection with Vandyke SSH server and SecureCRT client. I do not think its a good idea to save passwords in a batch files ;-) if some one somehow will get a read only access to you server and you keep passwords in a batch file - you f#$ked ! Even for server side scripts i`m keeping passwords encrypted. I`ve found a better way to check performance of almost everything on NT: Create a web server, running under admin user. give access to local ip only create ASP with checking performance on remote or local server and returning true or false use SA to check URL. Plus, you can get a useful logs from IIS (bytes transferred, time taken, CPU usage for this task etc. you can also add results into IIS logs from ASP. For examle, you checking memory usage, you will add to log files amount of free memory. After that, with eIQ Professional Suite create report from IIS logs every week in Excel or PDF or Word format and send it to yourself. Everything can be done automatically. You will get VERY cool statistic info) NOTE: no passwords in SA or batch files. Friday, November 15, 2002, 11:50:08 AM, you wrote: SD> Well... it's true, many of the *functions* are available in the resource SD> kits, but I believe the execution is far superior in pstools and the SD> features tend to be more advanced. SD> For example, psexec will execute remote commands without installing anything SD> on the host or remote machine, so there's no post-command footprint SD> on either system. If I remember correctly, the remote-command tools SD> in the SD> resource kit require a client and server piece, with a running SD> service. SD> Or pslist - a remote process viewer - is extremely versatile and can provide SD> a wide range of information. You can watch a complete process list, SD> in a SD> command window, on any machine, with a refresh interval that you SD> set. SD> Or psservice - which provides far more detail and more commands than you can SD> manage with "net ___" commands. SD> Or pskill - I have yet to find a hung process that I can't kill, locally or SD> remotely, with this tool. There is nothing this powerful in the resource SD> kits. SD> Some of the tools have gui-application equivalents in the resource kits. SD> These are useful, but can't be easily scripted, limiting their SD> power. SD> The documentation is pretty clear about when you might expose SD> passwords - - SD> ie. as command-line parameters. The tools use your existing priviledges SD> (generally requiring admin level on the remote machine). SD> If you can get someone to test the tools, I think you'll see that SD> they don't SD> diminish security for the host or remote machine. SD> -David SD> -----Original Message----- SD> From: [EMAIL PROTECTED] [mailto:jstone@;mochamail.com] SD> Sent: Friday, November 15, 2002 10:58 AM SD> To: [EMAIL PROTECTED] SD> Subject: RE: [SA-list] Command execs SD> I don't see anything in pstools that isn't available in ms resource kits. SD> Am I mistaken? Getting server mgmt freeware past security always SD> poses a SD> problem in the enterprise. SD> J. SD> ---- Original Message ---- SD> From: [EMAIL PROTECTED] SD> To: [EMAIL PROTECTED] SD> Subject: RE: [SA-list] Command execs SD> Date: Fri, 15 Nov 2002 10:32:09 -0500 >>pstools is a free suite of command-line tools for Windows NT/2000 from >>SysInternals (formerly NTInternals). >> >>SysInternals (www.sysinternals.com) has a wide range of free NT/2000 >>tools (some work with xp, some just NT, etc.), and the source code is >>available for most of them. >> >>They also have a licensed-software branch, Winternals >>(www.winternals.com), that sells more powerful versions of these >>products. >> >>Mark Russinovich and Bryce Cogswell are the primary techs at >>sysinternals/winternals. They've put out NTFSDOS, Fat32 for NT 4, ERD >>Commander, and other interesting tools. >> >>The free tools are big favorites of mine - especially pagedefrag and >>contig. I've got contig scheduled to defragment (not optimize) my >>drive nightly. I use contig and psexec in a cmd file to kick off disk >>defragmentation on >>remote systems. I found that I can do full product uninstalls using >>psexec >>and batch files. >> >>It's incredible stuff - I'd recommend it for anyone managing multiple >>Windows NT or 2000 boxes. >> >> >>-David >> >> >>-----Original Message----- >>From: Mark Seniow [mailto:mseniow@;smsolutions.com] >>Sent: Thursday, November 14, 2002 10:43 PM >>To: '[EMAIL PROTECTED]' >>Subject: RE: [SA-list] Command execs >> >> >>Please forgive my ignorance, but my interest has now been peaked. What >>is pstools? >> >>Thanks. >> >>- Mark >>-----Original Message----- >>From: Rosiak, John [mailto:john_rosiak@;mcgraw-hill.com] >>Sent: Thursday, November 14, 2002 10:34 PM >>To: '[EMAIL PROTECTED]' >>Subject: RE: [SA-list] Command execs >> >> >>Pstools is the right ticket....I am lovin this :-)..... Just the right >>complement for a tool like SA thanks for the help ! >> >>John >>-----Original Message----- >>From: Stuart Brereton [mailto:Stuart.Brereton@;X-TANT.COM] >>Sent: Thursday, November 14, 2002 5:10 PM >>To: '[EMAIL PROTECTED]' >>Subject: RE: [SA-list] Command execs >> >> >>I can vouch for the PSTools. It is extreemly versatile, robust and >>very powerful. As Davis said, you MUST test the applications first, >>we had a few problems but were soon ironed out. I would also advise >>getting all of the >>utils that your going to use one 1 box first, before moving on to >>your other >>servers >> >>Stuart Brereton >>ntl: Business Managed Network Services >>Customer Networks Operations Centre (CNOC) >>Network Technician / Network Specialist >>E-mail: - [EMAIL PROTECTED] >>Office: - +44 (0)1527 494005 >>Mobile: - 07990 648 889 >>-----Original Message----- >>From: Sloane, David [mailto:DSloane@;vfa.com] >>Sent: Thursday, November 14, 2002 9:35 PM >>To: '[EMAIL PROTECTED]' >>Subject: RE: [SA-list] Command execs >> >> >>For remote command execution, try psexec - part of PSTools - from >>www.sysinternals.com. >> >>It's extremely powerful when administering systems - you can start a >>wide range of processes remotely. Using psexec with batch programs >>can do great things for sysadmin productivity. >> >>Be careful though, that you test applications first before triggering >>them remotely on a wide scale. Some apps behave, others don't. >> >>-David >> >>PS - For extra fun, try "psexec \\servername cmd" (and then, again, >>be very careful). >> >>PPS - Did I mention you should use psexec with great care? >> >> >>-----Original Message----- >>From: Dirk Bulinckx [mailto:dirk@;woodstone.nu] >>Sent: Thursday, November 14, 2002 3:16 PM >>To: [EMAIL PROTECTED] >>Subject: RE: [SA-list] Command execs >> >> >>You can't execute a command on a remote system like that, the only way >>to do that is using remote services that execute the command. >> >> >> >> >>dirk. >> >> >>-----Original Message----- >>From: [EMAIL PROTECTED] [mailto:salive-owner@;woodstone.nu]On >>Behalf >>Of Rosiak, John >>Sent: Thu Nov 14 8:50 PM >>To: '[EMAIL PROTECTED]' >>Subject: [SA-list] Command execs >> >> >>Hi, >>I have my 'dumb' hat on today. I am trying to execute a "bat" file as >>part of an escalation. The log indicates the command was processed, >>but it does >>not perform the requested functions. Where does the bat file reside >>?? >>The command line is \\%h\c$\delmail.bat >>The log info is: >>Thursday, November 14, 2002 2:07:57 PM External check of >>:"h:\salivecheck\countfiles.exe" ini="h:\salivecheck\countfiles.ini" >>section=mailcheckhot logging=yes >>Thursday, November 14, 2002 2:08:02 PM 1110 >>Thursday, November 14, 2002 2:08:02 PM DoExternalCheck : returned >>value : >>1110 >>Thursday, November 14, 2002 2:08:02 PM Escalation procedure for >>152.159.214.60 >>Thursday, November 14, 2002 2:08:02 PM Executed command >>(\\152.159.214.60\c$\delmail.bat) >>Thursday, November 14, 2002 2:08:02 PM Executing command: >>\\152.159.214.60\c$\delmail.bat >>Thursday, November 14, 2002 2:08:02 PM Executed external command >>(\\152.159.214.60\c$\delmail.bat) >>John >>609.426.5842 >>To unsubscribe from a list, send a mail message to >>[EMAIL PROTECTED] >>With the following in the body of the message: >> unsubscribe SAlive SD> To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] SD> With the following in the body of the message: SD> unsubscribe SAlive SD> To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] SD> With the following in the body of the message: SD> unsubscribe SAlive - -- Best regards, Viktor mailto:Viktor@;Sokol.us -----BEGIN PGP SIGNATURE----- iQA/AwUBPdU2A9RWLZ9fN9MlEQK+bQCdEyGvuUHlUJJFR+cdTEl5n7CypYUAmwfh XF7uTMpyGSZhwYniQm5klfP/ =ulVv -----END PGP SIGNATURE----- To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive
