-
Notifications
You must be signed in to change notification settings - Fork 29
/
Copy pathRLAChoir.ACQ
39 lines (39 loc) · 1.87 KB
/
RLAChoir.ACQ
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
*******************************************************************************************
* Achoir - Remote Artifact Acquisistion *
* /VR0:<RemoteComputer> /VR1:<LocalAdmin UserID> /VR2:<LocalAdmin PW> *
* *
* IMPORTANT - When using PSexec the -e parameter is REQUIRED for remote mapping to work! *
* IMPORTANT - When using /MAP, /USR, /PWD - They MUST be in this order: /USR, /PWD, /MAP! *
*******************************************************************************************
LBL:ChkLoop
Say:
Say:Checking for Admin Rights on: &VR0
CKN:\\&VR0\admin$
SAY:***
SAY:*
SAY:* Either &VR0 is not turned on and connected to this network, or
SAY:* You DO NOT HAVE Admin Rights on &VR0
SAY:*
SAY:* Check to make sure &VR0 is turned on and connected and that you have Admin
SAY:* Rights. Without Admin rights you cannot run AChoir on the Remote System!
SAY:*
SAY:***
INP:Do you want to Attach to &VR0 as an Admin (y/n)?
EQU:&Inp y
SYS:net use \\&VR0\admin$
JMP:ChkLoop
END:
BYE:
END:
Say:
Say:Now Creating a Local Share to Run AChoir and Save Artifacts from: &VR0
SHR:&Dir Ach-Remt
Say:
Say:Loading AChoir on Remote Computer
*******************************************************************************************
* Important: All the Parameters are in quotes to make sure they are separated. This is *
* ESPECIALLY IMPORTANT for the Map Back UserID when using the form: *
* <ComputerName\UserID> - without quotes it WILL NOT WORK *
*******************************************************************************************
EXE:\SYS\PSexec.exe \\&VR0 -h -e -c -f "Achoir.exe" "/usr:&VR1" "/pwd:&VR2" "/map:\\%COMPUTERNAME%\Ach-Remt" "/ini:RScripts\LRAChoir.Acq"
Shd:Ach-Remt