Penetration Testing mailing list archives

Re: Remote access and automatize user account creation (Windows XP)


From: TAS <p0wnsauc3 () gmail com>
Date: Fri, 7 May 2010 01:13:40 +0530

Hi,

Having two simultaneous connections is possible only in Windows server
editions. Unfortunately this feature is not integrated in Windows XP.
With software like VNC or TeamViewer you can have two people connect
to the system, but only one person can use it.

There is a workaround to having simultaneous connections like in server
editions in Windows XP as well, but it may not get accepted by your
client, since it involves using a modified DLL file. In case you are
still curious, google for "concurrent-rdp-connections-hack-xp" (of
course without the double quotes).

For your second question, there is a way to do this. Take an ISO of
Windows OS, do something called slipstreaming. There are tools
like nLite that allow you to create or preconfigure a lot of options
like adding the key, having the latest updates pushed, drivers and some
software preinstalled in the image. So you also have an option of
preconfiguring the accounts, at least in nLite. A detailed guide is
available at hxxp://unattended.msfn.org/unattended.xp/ for various
classes of users. Once you have done this correctly, you will do what is
called a silent installation of the OS.

Hope this helps.

Cheers
TAS!

On 5 May 2010 23:23,  <sbesson () ymail com> wrote:
Hello everybody,

One of my clients, who has great needs in security, is asking me two questions which I wasn't able to answer:


1. My client is looking for remote access software (such as VNC) which could allow 2 simultaneous sessions on 
Windows XP SP3. Are you aware of any software like this? Also, which one is the best regarding security?

2. The support/exploitation IT department has been complaining about having to enter credentials during the 
installation of an XP image. They are asking my client to automatize the creation of 2 local accounts w/o having to 
enter any credentials.
This means that the credentials used in order to create both accounts have to be stored somewhere, right? (i.e., in a 
script). What are the best security practices regarding this? How to automatize the creation of a resource (user 
account, etc.) which requires authentication w/o having to enter a password?

Thanks in advance for your help.

Best regards,

S. AIBI

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
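
On the second question in this thread (where credentials end up once account creation is automated), the following is an added example, not part of either message: a small audit of an unattended-install source tree for passwords stored in clear. The file names and contents are constructed samples; the `[GuiUnattended]` keys and the `net user` syntax are the standard Windows XP ones.

```python
import re

# Constructed sample files (not from the thread): an XP answer file and a
# batch script that an unattended build might run to create two local accounts.
SAMPLE_FILES = {
    "winnt.sif": '''[GuiUnattended]
AdminPassword="S3cret!pw"
EncryptedAdminPassword=No
AutoLogon=Yes
[UserData]
FullName="Support"
''',
    "useraccounts.cmd": '''@echo off
net user support1 "Passw0rd-1" /add
net localgroup Administrators support1 /add
net user support2 * /add
''',
}

# "net user <name> <password> ... /add" with the password given inline.
NET_USER = re.compile(r'^\s*net(?:\.exe)?\s+user\s+(\S+)\s+("[^"]*"|\S+)(?=.*\s/add\b)', re.I)

def audit(files):
    """Return (file, line_no, issue) tuples for credentials stored in clear."""
    findings = []
    for name, text in files.items():
        section, keys = "", {}
        for no, line in enumerate(text.splitlines(), 1):
            line = line.strip()
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1].lower()
            elif "=" in line and section == "guiunattended":
                k, v = line.split("=", 1)
                keys[k.strip().lower()] = (no, v.strip().strip('"'))
            m = NET_USER.match(line)
            if m and m.group(2) != "*":  # "*" makes net user prompt instead
                findings.append((name, no, f"password for {m.group(1)} on command line"))
        pw = keys.get("adminpassword")
        encrypted = keys.get("encryptedadminpassword", (0, "no"))[1].lower() == "yes"
        if pw and pw[1] == "*":  # "*" in the answer file means a blank password
            findings.append((name, pw[0], "blank Administrator password"))
        elif pw and not encrypted:
            findings.append((name, pw[0], "cleartext AdminPassword"))
        auto = keys.get("autologon")
        if auto and auto[1].lower() == "yes":
            findings.append((name, auto[0], "Administrator AutoLogon enabled"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_FILES), sep="\n")
```

Any hit means the install media, and every copy of the image built from it, has to be handled as a credential store, and the passwords it sets should be rotated after first boot.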


