1

I'm trying to find a way to start a program on a remote computer (in a domain environment, so I know all the credentials) without any third-party software like PSExec.

Now the problem is, that it should run interactively! (And in the best case, it should run in the current logged-in user context) I know WMI, and I know that you can start a process with WMI but it's not interactive. (You can start an interactive process with a scheduled task but then it runs as a system process and has system privileges(?))

Now lets say I want to write a C# application for the IT technicians to supervise the systems, do you have any idea which technique can be used to allow the IT technicians to start programs remotely without installing software?

Or, in other words, is there something else other than WMI-scheduled processes?

4

1 回答 1

1

如果这是适合您的解决方案,您也许可以自己编写 PSExec 所做的事情。如果我记得很清楚 PSExec 的工作原理,它首先使用管理员共享复制文件以在远程系统上运行(例如,\\PCNAME\ADMIN$\TEMP;如有必要,您可以使用权限连接到远程计算机使用该功能的凭据WNetAddConnection2())。如果您在远程计算机上复制的文件可以作为系统服务运行(如果您编写了一个,则可能是这种情况),您可以使用OpenSCManager(),CreateService()StartService()来启动它。服务可以在交互模式下运行(参见SERVICE_INTERACTIVE_PROCESS标志,它要求服务作为系统帐户运行)。然后,该服务可以模拟登录用户,可能通过使用ImpersonateLoggedOnUser()从他正在运行的进程之一获得的令牌OpenProcessToken(),但我从来没有试过看看这是否有效。

于 2013-03-25T15:26:44.833 回答