Sunday, 18 April 2010

Behind the scenes of PsExec

PsExec is a free tool, available from Sysinternals, that allows you to run an executable on a remote machine, in the remote machine's local context. This is a great tool and has many potential uses, and for those of you unfamiliar with Sysinternals, it's worth having a look at the other tools they offer, such as Process Monitor.

One of the systems I work with had 2 components on a server that interfaced via an executable, and due to that dependency had to be on the same server. Then, on a quiet Friday afternoon a week before the software is demonstrated on the Live hardware, I receive a call basically asking me to separate the dependency so they can be installed on separate servers, and create a new release by the end of the day(!). Now I thought, I can't properly create another WCF web service, and get it tested, in such a short time. I was however familiar with PsExec - but - I did not know how it actually worked, and whether or not it would work in our target environment, which is quite security conscious.

As PsExec is not an officially supported tool, there is no detailed documentation, and the best detailed account from the author is only viewable at a cost.

The best explanation I found for how PsExec actually works can be found here

But in summary, I found that PsExec has the following pre-requisites:
  • The user on the source system must be in the local administrators group on the remote system (that's the doozie)
  • The \\remotesystem\ADMIN$ share must be available
  • File sharing must be allowed between the two systems
  • Ports 445 and 139 must be open
The requirement on the administrators group is the biggest issue, and one that I feel makes PsExec unsuitable in secure environments.
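
The prerequisites above can be checked against a host you administer before relying on PsExec there. The following PowerShell function is an added example, not part of the original post or of PsExec itself; the function name, the `server01` host and the timeout are assumptions. It treats a successful read of `ADMIN$` under the current account as evidence that the share is available, file sharing works and the account has the privileged access that share normally requires.

```powershell
# Added example: check the PsExec prerequisites listed above against one host.
# Function name, timeout and host name are illustrative assumptions.
function Test-PsExecPrerequisite {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [int]$TimeoutMs = 2000   # assumed per-port connect timeout
    )

    $result = [ordered]@{ ComputerName = $ComputerName }

    # "Ports 445 and 139 must be open": attempt a TCP connect to each.
    foreach ($port in 445, 139) {
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            $connect = $client.ConnectAsync($ComputerName, $port)
            # Wait() returns $false on timeout and throws if the connect fails.
            $result["Port$port"] = $connect.Wait($TimeoutMs) -and $client.Connected
        } catch {
            $result["Port$port"] = $false   # refused, filtered or unresolved name
        } finally {
            $client.Close()
        }
    }

    # "\\remotesystem\ADMIN$ must be available" and file sharing allowed:
    # Test-Path returns $false when the share is missing or access is denied.
    $share = "\\$ComputerName\ADMIN$"
    $result['AdminShare'] = [bool](Test-Path -LiteralPath $share -ErrorAction SilentlyContinue)

    # True only when every prerequisite tested above holds for the current user.
    $result['AllMet'] = $result['Port445'] -and $result['Port139'] -and $result['AdminShare']

    [pscustomobject]$result
}

# 'server01' is a placeholder host name.
Test-PsExecPrerequisite -ComputerName 'server01' | Format-List
```

Run it as the account that would launch PsExec. Hosts where `AllMet` is true for an account that should not hold administrative rights are the ones to review.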
