I am using backup software (under Windows Server 2012 R2) that seems to use SMB to write to the remote backup device. I have realized that, upon completion, credentials are "still there", so a ransomware attack would make its way to the backup copies (no worries, as we have external copies). Nevertheless, I have tried with no success to remove such credentials.
If I do it through the command line, it seems to work (if File Explorer is not open):
net use \\server\share /d
klist purge
Nevertheless, if I include both files in a batch file and invoke it from my programmed tasks, it does not seem to work, only when invoked from the command line. I have created the programmed task using the domain Administrator account (the same one I use when invoking from the command line).
What can be the reason for this behaviour?
EDIT to add expected behavior
I expect to be unable to access the network share without being prompted for the user/password. This does happen whenever I run the script from the command line but not when the script is invoked from a scheduled task. Reminder: the task is run under the same user that is running the script from the command line.