I'm trying to start a remote desktop connection to a computer with a user that doesn't have a password, using Powershell. The cmdkey command does not seem to accept an empty password, but asks me for a password with a prompt.
I need to launch the remote desktop from a Powershell-script as it needs to connect to any of several computers at will, so saving the credentials to Remote desktop is not an option.
I have tried using stuff like "", $null, """", "^", ` but none of these work, they are either not a password at all, are the wrong password or just freeze the Powershell-script. The same exact code works just fine for an account that has a password on the same machine.
$username=
$IPAddress=
cmdkey /generic:$IPAddress /user:$username
mstsc /v:$IPAddress /admin
Start-Sleep -Seconds 1
cmdkey /delete:"LegacyGeneric:target=$IPAddress"
The script either asks for the password, or the remote desktop prompts for it, but then accepts just pressing "Ok" with an empty password, or the whole script freezes in some cases.
It should just connect as the empty password is correct.
Windows will not allow the logon over a network with a blank password. However, there is a registry setting you can do on the target machine that disables this behaviour:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"LimitBlankPasswordUse"=dword:00000000
A 'cleaner' way to set this is by using the Group Policy Editor (gpedit.msc) on the target machine.
Navigate to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options and search for option Accounts: Limit local account use of blank passwords to console logon only
Double-click this option and check Disabled.
From then on, you should be able to remote log on to that computer with a blank password.
Note: this setting of course provides a security risk.
Read about Accounts: Limit local account use of blank passwords to console logon only
Related
I need to use my local computer to simulate a test stand which will be on a domain and access a remote computer which is on a workgroup using PsExec. The testing computer is built from an imaging tool. The IP will be the same every time but the name isn't. The process I'm working with was used on an embedded XP system and is now being upgraded to WIN10. I've added network security using GPO and have found workarounds to be able to open the connection but for some reason just trying to run cmd on the remote machine does not work when using the IP, only the name. Using the IP returns the "access is denied" error. I have already added the token filter key to the registry. Has anyone heard of something like this before?
I have a script I'm trying to run but in the meantime I'm just trying to get
psexec \IP_ADDERESS -h -u USER_NAME(this is an admin) -p PASSWORD cmd
edit: I have to keep my computer on a domain but I have a spare that I was able to put on a workgroup with the test system. Running psexec went perfect. It makes no sense why it works for the name and not ip on a domain->workgroup connection and works exactly how I need it to on a workgroup->workgroup connection.
I'm having trouble creating a Powershell script that will open an RDP session without a prompt asking for a password.
I've followed the instructions in the following post, however the password prompt always pops up.
Here is the script:
cmdkey /generic:"server ip" /user:"username" /pass:"password"
mstsc /v:"server ip"
Does anyone know what I'm doing wrong? Is it possible to execute within the realm of Powershell? Thanks!
So I figured it out with Bonneau21's help (thanks!):
I'm connecting to a computer that isn't part of a domain, because of that I need to connect with a local user.
What I did was a slight change to the original script indicating that the user I need to connect with is local:
cmdkey /generic:"server ip" /user:"server ip\username" /pass:"password"
I am trying to connect by FTP to an Azure Web App. I downloaded the publish profile and copied the login to my FTP client and can connect successfully. But when i use ftp.exe from Windows then i am not able to connect to the same host with the same credentials.
I have read Connecting to Azure website via FTP but those solutions do not fix my problem.
This is the output:
C:\Projects>ftp
ftp> open waws-prod-am2-201.ftp.azurewebsites.windows.net
Connected to waws-prod-am2-201.drip.azurewebsites.windows.net.
220 Microsoft FTP
Service 200 OPTS UTF8 command successful - UTF8 encoding now ON.
User (waws-prod-am2-201.drip.azurewebsites.windows.net:(none)): firstserver\$firstserver
331 Password required
Password:
530 User cannot log in.
Login failed.
Invalid command.
Also tried with username firstserver from the Windows command prompt, no difference. Do not forget: when logging in via commercial FTP client software I CAN login successfully.
I tried backslashing the backslash and/or the dollar sign, but nothing helps. What is going wrong, how do i login from the command prompt using the Windows default ftp.exe?
If you run ftp in debug mode (-d switch), you will see that it truncates the password to 32 characters. That's why the connection fails.
Try using a shorter password. Otherwise you will have to use another command-line FTP client.
I am using psexec to execute commands on remote server. Here is my command,
PsExec.exe" -u user \\server -h run.bat
I am entering the password manually. here I am using standard user account due to security issues. When I run the command I am getting the error,
"Make sure that the default admin$ share is enabled"
I read here that it cannot be done without admin privileges.
But when I test the same command in LAN it works in standard user.
How it works in LAN not in Remote server ?
Is there any alternative tools which will work in standard user ?
Please help me.
As an alternate tool, you can use Powershell and WinRM. Powershell allows you to execute a command, or an interactive session, on the remote windows server.
An example of executing a command is available here:
How to programmatically/remotely execute a program in EC2 Windows instance
If you need an interactive session, look at the Powershll command 'Enter-PSSession': https://technet.microsoft.com/en-us/library/hh849707.aspx
I read this from a posting in the Windows SysInternals forum.
The HKCU - hive key current user - will point to that user's hive key who authenticated on the remote machine with the help of psexec. It will not point to the user's hive key who has logged on interactively to the machine's desktop, unless both accounts happen to be identical.
I am facing the same problem with trying to push the signer and cert associated with a self signed certificate to the HKEY_CURRENT_USER/Software/Microsoft/SystemCertificates/Root/Certificates folder in the Windows registry for the user signed onto the remote machine.
If the userid and password used with PsExec are the same as the user currently logged onto the remote machine everything works fine. The PKCU registry entries get added as expected.
Since we can't ask each end-user for their AD password I am trying to sort out how I can get this to work when both accounts aren't identical. I have a Windows service account that has admin rights on all the PCs in the domain I am trying to push the cert and signer out to. If I use that account with psexec the registry entries do not get added for the user logged onto the remote PC.
Is there any way I can I write to HKEY_CURRENT_USER using psexec when both accounts aren't identical? That is, when the account used with the psexec command is not the account that is currently logged onto the remote PC.
example:
User remoteuser is logged onto the remote PC on which we want to install the cert entry into the HKCU hive but we use a different user/account with psexec. We do this because we don't know the AD passwords for all the remote users we want to update the HKCU hive for.
That would be a serious security issue.
In this example we use the psexecuser account to start the psexec service on the remote PC that the AD user remoteuser is logged onto.
C:\psexec #C:\remoteUserPCList.txt -u ourdomain\psexecuser -p psececuserpassword -d -c -f C:\InstallSSLCertinHKCU.bat
The HKCU registry entries do not get added for the remoteuser account on the remote PC.
Any fixes that would work with psexec would be a great help. I suspect we could use AD GPO but I am hopeful that there is some trick out there that can be used with PsExec.
regards
psexec can't impersonate the logged-on user. But you don't need to push a self-signed certificate to the user's profile on the remote machine, you can push it to the computer account instead, and you can even do that with group policy.