rwin.exe is placed when password sync with Windows Remote
search cancel

rwin.exe is placed when password sync with Windows Remote

book

Article ID: 125661

calendar_today

Updated On: 12-02-2022

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

We found ‘rwin.exe’ is created under C$ of the target server when password changing by ‘Windows Remote’.
But it is not always created, sometimes there is no rwin.exe though eventually the password change is done correctly.
Why rwin.exe is not always created?
How the password change happens even when rwin.exe is not placed?

Environment

Privileged Access Manager, all versions

Resolution

At first, it tries with samba commands such as smbpasswd or net.
If those fails, rwin.exe is copied to \\HOSTNAME\C$ onto the target machine and tries to synchronize the password.
These communications are done via SMB port(445) as documented at Prerequisites for Using the Windows Remote Connector.