Open ggordon-vispero opened 7 years ago
poweradminllc
commented
7 years ago What you're running into is designed UAC behavior :( Since your remote account can't respond to a UAC prompt, it can't elevate and have true administrator rights. Please see this Microsoft article for more info and a way to make a change to the remote UAC behavior:
ggordon-vispero
commented
7 years ago I don’t think that this is my issue. I explicitly enable the built-in administrator account on the remote machine and use that account when logging in remotely because that account doesn’t have a split token. Functionally it’s always elevated. This has served me well with PAExec and similar tools from Vista up through Windows 10 RS2. Only in the last couple of months has the CreateServiceCall started failing. Even so, I’m still able to remotely mount the remote administrative shares using this login and copy files to places like system32 which would be off limits were I using a restricted token.
From: PA [mailto:notifications@github.com] Sent: Thursday, August 31, 2017 11:42 AM To: poweradminllc/PAExec PAExec@noreply.github.com<mailto:PAExec@noreply.github.com> Cc: Glen Gordon GGordon@VFOGroup.com<mailto:GGordon@VFOGroup.com>; Author author@noreply.github.com<mailto:author@noreply.github.com> Subject: Re: [poweradminllc/PAExec] Connecting to Windows 10 Insider Fast 10.0.16275 results in error "the stub received bad data" (#25)
What you're running into is designed UAC behavior :( Since your remote account can't respond to a UAC prompt, it can't elevate and have true administrator rights. Please see this Microsoft article for more info and a way to make a change to the remote UAC behavior:
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/poweradminllc/PAExec/issues/25#issuecomment-326353937, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AYIkgh8iWxaBq2TaQ7MHsR3Vnua8-lNeks5sduJHgaJpZM4PF499.
I'm using two machines neither of which is part of a domain, and connecting to the remote machine using the credentials of the builtin admin account.
Everything works properly until the call to CreateService on the remote machine. This isn't unique to PAExec. PSExec suffers from the exact same issue.
This is clearly a harbinger of things to come when Windows 10 RS3 is officially released.
I'm happy to work on a fix if I could figure out the underlying problem. I'm opening the issue in the hopes that those more informed than I about windows 10 RS3 security or other breaking changes will weigh in.