4

I wondered whether anybody knew how to prevent other systems from using psexec to run services on my machine, assuming running the windows firewall is not an option?

In addition, I have read that a hacky solution is available whereby you create a manual service called 'psexec' and then immediately disable it, since it seems to check for this on the remote system and not run if this is present. However, this seems somewhat icky to me. Any alternatives out there?

ljs
  • 163
  • 1
  • 1
  • 6

1 Answers1

8

In order to run something on your machine with psexec, the remote user must have administrative rights to your machine. Denying other users local administrative rights to your machine is the correct way to prevent this.

Skyhawk
  • 14,200
  • 4
  • 53
  • 95
  • Hm I feel a little silly :) I had assumed the user would have to have elevated permissions, but of course the local policy has to permit it in the first instance. – ljs Dec 30 '11 at 16:00
  • many antivirus programs will block psexec as well. – Jim B Dec 30 '11 at 19:58
  • @JimB Strange: it's a useful and legitimate tool. Sounds sort of like an antivirus program blocking something like VNC because it *could* be used maliciously. – Skyhawk Dec 30 '11 at 20:49
  • @MilesErickson it's not just that it could- it is *often* used for exploits and there is nothing that it does that can't be done without it. – Jim B Jan 01 '12 at 17:29
  • @JimB Fair enough. I must remember that most environments aren't secured properly or at all. – Skyhawk Jan 02 '12 at 15:18