From a script I needed to schedule a project in RES Automation Manager 2011 for a particular server.

This can be done with the WMC.exe commandline tool as documented in the Admin Guide. However we must specify the agent’s GUID instead of it’s name. We can of course use the AM console to get the agent’s GUID but it’s more flexible to script this.

Unfortunately there’s no API we can call so I am directly quering the AM database using a PowerShell script.

The script read the database server and database name from the registry so it assumes you have the AM console installed.

(more…)

I needed to change the drive letter assigned to the cd/dvd station from an Automation Manager project.

Although most systems only have one cd/dvd drive, some machines might be equipped with multiple drives.

A couple of years ago I wrote a tool called ChDrvLetter that can assign a specific drive letter to a partition given it’s volumename. In that tool I also included an option for CD/DVD drives.

Using the CDROM [Letters] parameter you can assign specific letters to the CD/DVD drives.

(more…)

Recently I published a Proof of Concept that showed it was possible to launch unauthorized processes with both AppSense Application Manager and RES Workspace Manager.

Although I didn’t test Microsoft Applocker I have no doubt at all that we couldn’t bypass it.

I have named my Proof of Concept the XLSploit because I am using Excel as a trampoline. I choose Excel because this is generally a trusted process and VBA offers access to the Windows API that is needed.

After publishing the XLSploit I have talked to both RES and AppSense and not that they both have a response to my Proof of Concept, I consider it safe to tell a little more about how it works.

If you are merely interested in stopping the XLSploit, please scroll down to the end of the article.

(more…)