Liberty BASIC Community Forum
« using msg.exe & psexec.exe in LB »

Welcome Guest. Please Login or Register.
Sep 19th, 2017, 1:50pm


Rules|Home|Help|Search|Recent Posts|Notification


« Previous Topic | Next Topic »
Pages: 1  Notify Send Topic Print
 thread  Author  Topic: using msg.exe & psexec.exe in LB  (Read 198 times)
Pablad
New Member
Image


member is offline

Avatar




PM

Gender: Male
Posts: 2
xx using msg.exe & psexec.exe in LB
« Thread started on: Jun 18th, 2016, 08:03am »

Hello, is it possible to use psexec.exe to connect to a network PC then use msg.exe to bring a pop-up message, at the moment we are using a large batch file to send pop-ups to about 40 PC's (operator pick stations) to tell operators to move to another work station or when to go for break etc etc, the operator does not have to reply, just see the message, psexec.exe is ideal as we only have to put it on the supervisors PC, I can get LB to open a pop-up on a local PC with:

Run "msg.exe * " + message$

message$ is the message for the pop-up from a text box.

the batch file code to send a message is :

psexec.exe \\%station% -u administrator -p gambit msg * %message% - Sent from %computername% 2>NUL 1>NUL

user name & password is needed to access the PC.

I would like to make a custom app with a GUI instead of using a batch file.

we are using Win 7.

any help would be much appreciated.

Cheers, Paul.
« Last Edit: Jun 18th, 2016, 08:17am by Pablad » User IP Logged

Chris Iverson
Administrator
ImageImageImageImageImage


member is offline

Avatar

20% Cooler


Homepage PM

Gender: Male
Posts: 2278
xx Re: using msg.exe & psexec.exe in LB
« Reply #1 on: Jun 18th, 2016, 4:07pm »

I'm trying to think of ways to do this in LB right now, without needing to have LB ask for the user's password, and to try to avoid PSEXEC sending the password over the network in plaintext.

Couple things, if you happen to know:

1) Is the account the supervisor is using to broadcast the messages his regular account? Or does he have a separate, special admin account for this?

2) If it's a separate account, does it have admin access on the supervisor's computer, as well?

The answers to both of these will change the methods you'll have to use to do this.
User IP Logged

"Do you believe in destiny?" - Pyrrha Nikos, RWBY
"With what wish will your Soul Gem shine?" - Kyubey, Puella Magi Madoka Magica
Pablad
New Member
Image


member is offline

Avatar




PM

Gender: Male
Posts: 2
xx Re: using msg.exe & psexec.exe in LB
« Reply #2 on: Jun 19th, 2016, 01:08am »

The network the computers are connected to is a closed LAN within a warehouse, used for picking items for shops etc, all the supervisers & operators see is the front end GUI of our warehouse control software (WCS) which is a database application & use logons provied by the WCS so dont actually have access to the network, the netsend batch file is always running and is accessed by 'alt tab'.
the user & password is what we use when we need to connect to the servers or to workstation computers for maintenance/admin work but the batch file needs the user & password to connect to which ever PC is being send a message, the batch file as also been converted to an .EXE so cannot be edited.
I might have to run the batch file through LB but really wanted to run everthing within LB, we have the source code for a chat application in C++, which uses TCP/IP (I think) but our company dont like using third party sofware applications, C++ is abit too much for me aswell.
I will continue looking into the problem, any suggestions are welcomed.

Update:
I have done a working test GUI that writes to a batch file, a get a round for the moment, if anybody as anything better then please reply.

Code:
nomainwin
'Form created with the help of Freeform 3 v07-31-2015
'Generated on Jun 10, 2016 at 14:45:36
    [setup.main.Window]

    '-----Begin code for #main

    WindowWidth = 550
    WindowHeight = 410
    UpperLeftX=int((DisplayWidth-WindowWidth)/2)
    UpperLeftY=int((DisplayHeight-WindowHeight)/2)

    '-----Begin GUI objects code

    button #main.send,"Send Message",[send], UL, 390, 322, 102,  25
    TextboxColor$ = "white"
    textbox #main.workstation,  80,  57, 100,  25
   textbox #main.message,  95, 317, 100,  25

    '------drop down menue items
    menu #main, "&options", "&clear", [clear], "E&xit", [quit], "&display text from text box", [display]
    open "Messenger" for window AS #main

    print #main, "font ms_sans_serif 10"
    print #main, "trapclose [quit]"

    '-----End GUI objects code

 [clear]
    print  #main.workstation, ""
    print #main.message, ""
    wait

 [send]
   print #main.workstation, "!contents? computer$"
   print #main.message, "!contents? message$"
   open "C:\Users\VI\Desktop\sendcommand.bat" for output as #send
   print #send, "psexec \\" + computer$ + " -u administrator -p gambit msg * " + message$
  ' print #send, "pause"
   close #send
   run "C:\Users\VI\Desktop\sendcommand.bat", hide

    wait
    '-----exit program
    [quit]
    confirm "are you sure that you want to quit?"; quit$
    if quit$ = "no" then wait

    close #main
    end

 


Cheers, Paul.
« Last Edit: Jun 19th, 2016, 10:28am by Pablad » User IP Logged

Chris Iverson
Administrator
ImageImageImageImageImage


member is offline

Avatar

20% Cooler


Homepage PM

Gender: Male
Posts: 2278
xx Re: using msg.exe & psexec.exe in LB
« Reply #3 on: Jun 19th, 2016, 3:16pm »

Does the supervisor know/allowed to know the admin password? Or are you actually hard-coding it into the batch file/program?

(I'm guessing/hoping the username and password isn't actually administrator and gambit.)

From a security standpoint, I can see three ways of obtaining the credentials needed to connect, in order, from worst to best:

1. Hard-code the credentials in the batch file/program. Convenient in that users of the program don't have to know the actual credentials being used; bad in that any user that has read access to the batch file/program can open it up in a text editor and see the password. Also, the password can't change unless you update the program as well.

2. Have the program ask for credentials. This would provide the maximum utility while still blocking the security risks mentioned above. Downside is whoever is using the program needs to know the credentials.

Additionally, there are two separate ways of doing this, one that provides a little less security, but more convenience(I'll call this 2A), and one that provides more security, but needs a bit more to work(2B)

3. Have Windows ask for the credentials. This is, sadly, the most difficult to do, because Windows doesn't provide many features for programmatically launching a program as another user. They provide APIs for doing so, but said APIs require you to obtain the credentials from the user yourself, instead of having Windows ask for the credentials.

This is why I asked if the admin account you're using for the other computers is also an admin on the computer the supervisor is using.

The way PSEXEC works is, if you don't specify a username on the command line, it will user the identity of the account that launched PSEXEC.

If you're logged into the admin account on the supervisor's computer, and manually use PSEXEC to connect to another computer, as long as that account or its credentials are recognized by the other computer as admin, it will work.

This is also why I'd like to know if the same admin/password work on the supervisor's computer, AND if it works as admin on the local computer.

If the account isn't recognized by the local computer, then the only option is 1 or 2A.

1 is obvious, and would essentially be close to what you're already doing. The password would just be hard-coded into LB code instead of your batch file.

2A would be very similar to what you're doing, but instead of hard-coding the username and password, you ask the user for them, first.


If the admin account can log into the local computer, but doesn't have admin access on the local computer, this allows option 2B:

Ask the user for the username and password, and then, instead of passing the username and password to PSEXEC for it to send over the network, use the CreateProcessWithLogon() API to directly launch PSEXEC locally, as the admin user. This has the benefit that the password is never sent over the network in plaintext. You're still handling the password in your own code, though, so if you're not careful, your code could leak the password.



If that admin account DOES have admin access on the local computer, and the supervisor's account does NOT have local admin, AND UAC is not disabled(a lot to ask, I know tongue) then you can ask windows to launch PSEXEC as admin on the local computer, which will bring up a username and password prompt from Windows itself that the user can type into.

This has the bonus of being just as secure as the second method, plus your own code is not touching or handling the user's credentials at all.

Annoyingly, it is really easy to manually launch a program as another user in Windows, WITHOUT needing to elevate to admin. (Hold shift, right-click on program or shortcut, click "Run as different user"). However, I have, as of yet, not found a way to programmatically invoke this.


Sorry for the info dump, but you're talking about an account that, at the very least, has local admin access on possibly multiple machines. I take security seriously tongue
« Last Edit: Jun 19th, 2016, 3:16pm by Chris Iverson » User IP Logged

"Do you believe in destiny?" - Pyrrha Nikos, RWBY
"With what wish will your Soul Gem shine?" - Kyubey, Puella Magi Madoka Magica
Pages: 1  Notify Send Topic Print
« Previous Topic | Next Topic »

Rules|Home|Help|Search|Recent Posts|Notification

Donate $6.99 for 50,000 Ad-Free Pageviews!

| |

This forum powered for FREE by Conforums ©
Sign up for your own Free Message Board today!
Terms of Service | Privacy Policy | Conforums Support | Parental Controls