[SOLVED] Agent update on a 2003/samba3 server

Share your tips or issues concerning the WAPT Console or WAPT Agent here
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Locked
Raphael
Messages: 9
Registered: July 26, 2016 - 12:28

March 29, 2018 - 3:37 PM

Good morning.
Just in case!
For those still using a 2003 server or a Samba 3 server (yes, it's possible) ;-)), user accounts do not generally have the right to install software.
Following the update to version 1.5, I am using the cpau utility: http://www.joeware.net/freetools/tools/cpau/index.htm
Below is the script that tests the version on a text file and launches an encrypted "job" to prevent the display of credentials:

Code: Select all

echo off
WMIC DATAFILE WHERE name="c:\\wapt\\wapt-get.exe" get Version /format:Textvaluelist > c:\versionwapt.txt
find "Version=1.5.1.18" c:\versionwapt.txt
if %errorlevel% equ 1 goto pasbon
goto end
:pasbon
echo off
"\\serveur\netlogon\cpau.exe" -dec -file "\\192.168.1.254\serveur\zwapt.job" -lwp
echo off
:end
To create the job:

Code: Select all

 - cpau -u domain\user -p pass -ex "\\serveur\netlogon\waptagent" \verysilent -enc -file "\\serveur\netlogon\zwapt.job"
Raphaël Larronde,
Saint Joseph High School
, 64240 Hasparren
High
User avatar
agauvrit
WAPT Expert
Messages: 238
Registration: Nov 17, 2016 - 10:25
Location: Nantes
Contact :
Contact agauvrit

March 30, 2018 - 5:22 PM

Hello,

Even though it's documented online, this is a very bad practice for deploying WAPT.

Consider migrating to Windows Server 2012+ and/or Samba4 instead; it will be healthier for everyone.

Regards,

Alexandre
High
User avatar
dcardon
WAPT Expert
Messages: 1929
Registration: June 18, 2014 - 09:58
Location: Saint Sébastien sur Loire
Contact :
Contact dcardon

April 5, 2018 - 7:48 PM

Hello Raphaël,

Thank you Raphaël for your contribution to the forum, but I can't help but react to your post, because I see this mistake made too often.
Raphael wrote: March 29, 2018 - 3:37 PM For those still using a 2003 server or a Samba 3 server (yes, it's possible ;-)!), user accounts generally don't have the right to install software.
After updating to version 1.5, I'm using the cpau utility: http://www.joeware.net/freetools/tools/cpau/index.htm
Below is the script that tests the version on a text file and runs an encrypted job to prevent the display of login credentials:
DO NOT USE CPAU.EXE FOR YOUR DEPLOYMENTS!!!!!

It's very easy to recover the password for a CPAU .job file. If you don't believe me, try it with the API Monitor utility [1]. You can refer to the page for guidance https://micksmix.wordpress.com/2013/03/ ... -software/

In just 2 minutes, we can retrieve the administrator password for your workstations (including tool download)... If you're having trouble following the tutorial above (there's one detail that isn't explained clearly, just to make it a little more advanced than a script kiddie), you can send me your CPAU job file, and I'll send you your password...

And anyway, if we have to resort to using CPAU, IPC$ and ADMIN$ are probably also open, and PSExec will do the job better (even though it's really not recommended at all). There are also some antivirus programs that have basic deployment features. And then (to lighten the mood), while we're at it, check if it's also possible to exploit the EternalBlue vulnerability; sometimes it can be helpful :-) .

Good evening everyone,

Denis

PS: For Win2k3 users, deployment via GPO works very well!

[1] http://www.rohitab.com/apimonitor
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
High
Locked

Return to "WAPT usage (Console, Agent) / WAPT usage (Console, Agent)"


  • To go further with WAPT