Wednesday, October 20, 2010

psexec logon failure and access denied

If you're experiencing logon failures with your lab testing in psexec (be it standalone psexec tool, or the auxiliary psexec module found within Metasploit)

Source: http://antonperez.com/2007/11/28/pstools-access-denied-error/


Here are the settings/steps I checked/took that resolved the issue:

1. ping - was able to ping the machine by hostname. So no problem here.

2. net share - verified the ADMIN$ share was enabled. Again no problem here.

3. Remote Registry service - verified the service was started because the PsTools suite makes use of RPC calls via port 445. Was fine here.

4. Administrator password - verified the Administrator did not have an empty password. Was set here.

5. Test account - created a test account to use for psexec (e.g., psexec \\computer_name notepad.exe -u test -p test). Was available here.

6. Access hidden share – tried to access C$ and found that user name field grayed out. This tipped off the problem – cool!

To fix it, I had to set the "Network Access: Sharing and security model for local accounts security option Classic – local users authenticate as themselves."

Access it via Start > Run > secpol.msc > Local Policies > Security Options

Change "Network Access: Sharing and security model for local accounts" to "Classic - local users authenticate as themselves"

Apparently, updates to Windows XP now sets this security option to Guest only – local users authenticate as Guest, which denies the ability to implicitly or explicitly use of a specific user name/password combo.

2 comments: