Archive for the ‘Apps’ Category

PSTools – PSExec switches and usage

Posted: February 3, 2014 in Apps, Scripts
Tags: ,

 

Syntax

 

Usage: psexec [\\computer[,computer2[,…] | @file]][-u user [-p psswd][-n s][-l]

[-s|-e][-x][-i [session]][-c [-f|-v]][-w directory][-d][-<priority>]

[-a n,n,…] cmd [arguments]

 

Options

 

-a

Separate processors on which the application can run with commas where 1 is the lowest numbered CPU. For example, to run the application on CPU 2 and CPU 4, enter: “-a 2,4”

-c

Copy the specified program to the remote system for execution. If you omit this option the application must be in the system path on the remote system.

-d

Don’t wait for process to terminate (non-interactive).

-e

Does not load the specified account’s profile.

-f

Copy the specified program even if the file already exists on the remote system.

-i

Run the program so that it interacts with the desktop of the specified session on the remote system. If no session is specified the process runs in the console session.

-h

If the target system is Vista or higher, has the process run with the account’s elevated token, if available.

-l

Run process as limited user (strips the Administrators group and allows only privileges assigned to the Users group).

On Windows Vista the process runs with Low Integrity.

-n

Specifies timeout in seconds connecting to remote computers.

-p

Specifies optional password for user name. If you omit this you will be prompted to enter a hidden password.

Note that the password is transmitted in clear text to the remote system.

-s

Run the remote process in the System account.

-u

Specifies optional user name for login to remote computer.

Specify a valid user name in the Domain\User syntax if the remote process requires access to network resources or to run in a different account.

-v

Copy the specified file only if it has a higher version number or is newer on than the one on the remote system.

-w

Set the working directory of the process (relative to remote computer).

-x

Display the UI on the Winlogon secure desktop (local system only).

-priority

Specifies -low, -belownormal, -abovenormal, -high or -realtime to run the process at a different priority. Use -background to run at low memory and I/O priority on Vista.

computer

Direct PsExec to run the application on the remote computer or computers specified. If you omit the computer name PsExec runs the application on the local system, and if you specify a wildcard (\\*), PsExec runs the command on all computers in the current domain.

@file

PsExec will execute the command on each of the computers listed in the file.

program

Name of application to execute.

You can enclose applications that have spaces in their name with quotation marks e.g. psexec \\weslaptop “c:\long name app.exe”.

arguments

Arguments to pass (note that file paths must be absolute paths on the target system).

Summary

The following changes are required to allow a Samba/CIFS connection.
1. Create a local user account on Windows PC.
2. Share a folder and give local user read/write access to share.
3. Group policy change to network settings.
4. Windows registry change.

User account

Create a new Windows user account with either user or administrator privileges and assign a password. On Windows PC go to Control Panel > Administrative Tools > Computer Management or Start > Run > compmgmt.msc /s to open Computer Management, or [Win]+R, compmgmt.msc /s. The password must meet the following criteria
1. At least one capital letter
2. Contain non consecutive numbers eg. 1357
3. Six (6) to fourteen (14) characters long.
4. Must not match the user name. E.g Mforce1357

Ensure the following options are ticked
User cannot change password
Password never expires

Share folder

Configure or create the following items:
* Create a shared folder on the Windows computer for example C:\Forcefield
* Ensure that File and Printer Sharing is installed in the network setup. See Control Panel, Network Connections
* On the shared folder assign read/write security and sharing privileges to the above Windows user.
* Ensure that the Windows user has been allowed access to the shared folder on the share and security tabs

Group policy

To edit the group policy
1. Start > Run > gpedit.msc or [Win]+R, gpedit.msc or Search hard disk for “gpedit.msc”, then open
2. Click the + boxes to navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.
3. In the right-hand pane, ensure that the following items are set:
*  Microsoft network server: Digitally sign communications (always) changed to Disabled
*  Microsoft network client: Digitally sign communications (always) change to Disabled
*  Network Security: LAN Manager Authentication Level is set to any that does not “Refuse LM”. Typically use             *  Send LM & NTLM and use NTLMv2 session security if negotiated
4. Exit from the Group Policy editor.

Registry keys

Caution: Always use extreme care when editing the Windows registry! Making a mistake while editing the registry can cause Windows to behave erratically. To fix this problem, you may need to reinstall your operating system.
To edit the Windows registry
1. Start > Run > regedit or [Win]+R, regedit or Search hard disk for “regedit.exe”, then open
2. Click the + boxes to navigate to HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > Lsa.
3. In the right-hand pane, right-click lmcompatibilitylevel and then select Modify. Change the Value data to 1, and then click OK.
4. In the right-hand pane, right-click nolmhash and then select Modify. Change the Value data to 0, and then click OK.
5. Exit from the Registry Editor.

Samba Setup for Windows 7 Enterprise

untitled

Creating user on Windows 7 Enterprise

untitled3

Changing share permissions on the folder

untitled3

 

Changing security permissions on the folder

untitled4

gpedit policy changes

untitled5

Registry changes

untitled6

Successful connection Windows 7