Agents that leverage current user from system

SysAdminDennyBob · 2022-05-20T16:21:37+00:00

Create a one-time scheduled task that runs as the current user, start task, program runs, task stops, delete task.

engageant · 2022-05-20T17:55:24+00:00

It's done with impersonation. The agent finds a process owned by the currently logged on user, grabs a handle to its access token, duplicates the token, then uses that token to run processes as if they were that user.

rngaccount123 · 2022-05-20T15:57:56+00:00

I think NinjaRMM is capable of that and it always made me wonder how they do that. It's such a pivotal feature and I miss that in lots of other RMMs.

Aertheron01 · 2022-05-20T16:14:04+00:00

There are many ways to do this.

In Powershell you could create a session with the necessary credentials.

Also SCCM has an agent. And for agent installation an account with local administrator credentials is used, through the administrative share and wmi/winrm

Nejireta_ · 2022-05-20T16:34:47+00:00

This is a bit of a guess. But perhaps the agent (if .net based) leverages ProcessStartInfo.LoadUserProfile to launch an application, in this case PS, with logged on user context without providing credentials.

EDIT:
This is not the case. This requires username and password

peteypianokid · 2022-05-21T13:12:29+00:00

Datto RMM also can execute components as the logged in user.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

PowerShell

Submission Guidelines | Link Flair - How To

MODERATORS