Hi,
I hope you are doing great in these difficult times.
I am doing some remote test with NS and realized that scripting is not working as expected (Column Name: displayName - Full logged name - VBScript / Response Error: Permission denied: 'GetObject'). I suppose it is because we are trying to do it through VPN connections.
I have noticed that you already implemented different types of authentication on Remote WMI and others like Remote Powershell, but not on some others like Remote Scripting, Remote Registry, Remote Services, etc ... Can you implement this as a feature request? Or have any clues on how to resolve the issue?
Thanks & Blessings.
All Forums
> Network Scanner
> Current topic
Remote scripting authentication
Started by rmpf2
rmpf2
Remote scripting authentication 19 June 2020, 00:38 |
Re: Remote scripting authentication 19 June 2020, 09:28 |
Admin Registered: 18 years ago Posts: 3 519 |
The thing is, scripts cannot authenticate as such: they are just short programs running on your computer. They can however use the WMI system to make connections to remote computers.
The string passed to GetObject() defines the authentication parameters that will be used. You can set impersonationLevel, authenticationLevel and authority. It's a rather complex topic, so here are some MS docs on this:
The string passed to GetObject() defines the authentication parameters that will be used. You can set impersonationLevel, authenticationLevel and authority. It's a rather complex topic, so here are some MS docs on this:
rmpf2
Re: Remote scripting authentication 19 June 2020, 11:32 |
Thanks for the hint. That would solve the issue with the VBS script, but any idea on why the remote services does not return any value?
For example:
For example:
Item Name: Seclogon Service Service name: seclogon Property: Service Startup TypeNote: This one, and the others did work on premises, but not remotely (through VPN).
Re: Remote scripting authentication 19 June 2020, 11:54 |
Admin Registered: 18 years ago Posts: 3 519 |
My best guess would be that your current user is not properly authenticated within the remote network.
You can see what error code is returned by running something like this in a command prompt:
You can see what error code is returned by running something like this in a command prompt:
sc \\server-name-or-ip query seclogonIt'll probably be 'Access is denied'. So you will need to configure your PC to join the domain over VPN, enabling you to log in as domain admin remotely.
rmpf2
Re: Remote scripting authentication 19 June 2020, 12:14 |
Actually the current user is logged in correctly but not authenticated within the remote network because the connection is with a locally created user on the VPN.
Yes, you are right, it is indeed a problem of access rights. That's why my first statement was referring to using an already implemented method of different types of authentication on Remote WMI for Remote Services to try to access the remote machine services with other user credentials.
Not all VPN connections are made with domain authenticated users.
Yes, you are right, it is indeed a problem of access rights. That's why my first statement was referring to using an already implemented method of different types of authentication on Remote WMI for Remote Services to try to access the remote machine services with other user credentials.
Not all VPN connections are made with domain authenticated users.
Re: Remote scripting authentication 19 June 2020, 12:26 |
Admin Registered: 18 years ago Posts: 3 519 |
It's not really possible to authenticate for Remote Services, I am afraid. As you can see, the sc command also offers no authentication options.
Instead you can use WMI, as it allows you to authenticate as a different user and run something like this:
Instead you can use WMI, as it allows you to authenticate as a different user and run something like this:
SELECT StartMode FROM Win32_Service WHERE NAME = 'seclogon'It will display the desired result.
rmpf2
Re: Remote scripting authentication 19 June 2020, 12:31 |