Improve the security level of command lines by using ipvxec, and execute commands by bypassing group policies

On one occasion, I needed to capture time travel tracing (TTT) in the customer's environment, but it was not possible to capture it. The error is as follows:

 

The error message is as follows:

C: \ debuggers \ TTT> tttracer-dumpfull-out E: \ tttoutput-Attach 3384

Microsoft (r) tttracer 2.010.40929 (Sep 29 2009 21:13:03)

Copyright (c) Microsoft Corporation. All rights reserved.

Warning: Please upgrade to a newer version of TT tracing.

Error: trace of "w3wp.exe" PID: 3384 did not complete successfully: Status: 20

Error: communication between the guest process and this client

Cocould not be established, which may be an indication

Permissions or privileges problem (see E: \ tttoutput \ w3wp01. Out

For more details ).

Error: upted trace dumped to E: \ tttoutput \ w3wp01. Run. Err.

See error output file E: \ tttoutput \ w3wp01. Out for more details.

 

W3wp01. Run. Err content

------------

Microsoft (r) tttclient 2.010.40929 (Sep 29 2009 21:12:58)

Microsoft (r) Time Travel tracing 2.010.40929 (Sep 29 2009 21:12:58)

Copyright (c) Microsoft Corporation. All rights reserved.

Microsoft confidential-strictly for internal use only

Initializing time travel tracing for attach to 3384

Time: 03/02/2012 15:40:36

OS: 6.1.7601 edition: x64

Group tracing guid: d2c17755-0428-4e74-8709-b2f3bdfe0fa1

Running "w3wp.exe"

Running "C: \ debuggers \ TTT \ nirvexec.exe"/duration 1/clientname "C: \ debuggers \ TTT \ tttracewriter. DLL "/clientparams" 23 E: \ tttoutput \ w3wp01. run 0 0 0 100000 0 1 0 6001 "/Attach 3384

 

Customers say they have some group policies that impose security restrictions on their computers, but when we open secpol. when MSC was checking, they did not remember the group policies they modified. -_-|

 

Solution

==============================

Use the system command prompt instead of the command prompt that improves the permission.

How can we use system command prompt? The answer is to use sysinternals (acquired by Microsoft) a command line tool called javasxec.

 

First, run the following command:

Export xec.exe-s-I-d cmd.exe

Wait. In the new cmd window, enter the command that was originally rejected by the system.

 

More information about the tool

============================

Using xec, User Account Control and security boundaries

Http://blogs.technet.com/ B /markrussinovich/archive/2007/02/12/638372.aspx

Execute processes on a remote system and redirect output to the local system

Http://www.windowsitpro.com/article/remote-computing/psexec

 

============================

Psexec v1.98

http://technet.microsoft.com/en-us/sysinternals/bb897553