poweradminllc / PAExec

Remote execution, like PsExec

Registry mapping differs between paexec and psexec #29

Open deajan opened 6 years ago

deajan commented 6 years ago

Hello,

Using Windows 10 (latest 1803 build up to date) x64, paexec does not correctly map the HKLM\Software key between normal and system accounts.

Example: paexec -i -s reg add HKLM\Software\Test /v Some /t REG_SZ /d Value /f will create the TEST key in the WOW6432Node subkey. Hence, paexec -i -s reg query HKLM\Software\Test will work. reg query HKLM\Software\Test will return an error since it won't find the Test key.

Running the same commands with psexec will work.

Best regards.

deajan commented 6 years ago

Playing a bit further with that bug, I can confirm that even running regedit as system with paexec won't show the registry key created with PSExec.

n-mam commented 3 years ago

Add the /reg:64 switch at the end.

reg query HKLM\Software\Test /reg:64

poweradminllc commented 3 years ago

Are you using the 64-bit version of PsExec when you test?
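
Added example (not part of the thread and not PAExec code): a PowerShell check that opens HKLM in both the 64-bit and the 32-bit registry view and reports which one holds the Software\Test key from this issue, along with the bitness of the process running the check. The function name Get-RegistryViewReport is hypothetical.

```powershell
# Added example: report which registry view holds HKLM\<SubKey>.
# Get-RegistryViewReport is a hypothetical helper name; Software\Test is the key from this thread.
function Get-RegistryViewReport {
    param([string]$SubKey = 'Software\Test')

    $hive = [Microsoft.Win32.RegistryHive]::LocalMachine
    foreach ($view in [Microsoft.Win32.RegistryView]::Registry64,
                      [Microsoft.Win32.RegistryView]::Registry32) {
        # On 64-bit Windows the 32-bit view of HKLM\Software is stored under WOW6432Node.
        $path = "HKLM\$SubKey"
        if ($view -eq 'Registry32' -and [Environment]::Is64BitOperatingSystem) {
            $path = 'HKLM\' + ($SubKey -replace '^software\\', 'Software\WOW6432Node\')
        }

        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey($hive, $view)
        try {
            $key = $base.OpenSubKey($SubKey)   # read-only; $null when the key is absent
            $exists = $null -ne $key
            $values = @{}
            if ($exists) {
                foreach ($name in $key.GetValueNames()) {
                    $values[$name] = $key.GetValue($name)
                }
                $key.Dispose()
            }
            [pscustomobject]@{
                View   = $view
                Path   = $path
                Exists = $exists
                Values = $values
            }
        }
        finally {
            $base.Dispose()
        }
    }
}

# A 32-bit process uses the 32-bit view by default, so its writes to
# HKLM\Software land in WOW6432Node unless it asks for the 64-bit view.
$defaultView = if ([Environment]::Is64BitProcess) { 'Registry64' } else { 'Registry32' }
"Process is 64-bit: $([Environment]::Is64BitProcess); default view: $defaultView"
Get-RegistryViewReport -SubKey 'Software\Test' | Format-Table View, Path, Exists -AutoSize
```

Running it after each reg add from the issue shows whether the key was written to the 64-bit view or to WOW6432Node.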