none
Qualys tool tells me to remove a "rexec" service from my systems. What is this and how do I find it?

    Question

  • I'm using a Qualys tool at my company that says "We strongly advise that you remove the "rexec" service from your system.  If an alternative is required, we recommend installing Secure Shell (SSH) which has the same features as the "r* services" daemon, but also adds an encryption layer on top of the protocol to prevent eavesdropping and provide better authentication."

    Now I just wrote a powershell script to search the list of machines this tool says have the rexec service and not a one came back positive with having the service. I researched and found it seems like only on Linix machines but the machines the Qualys tool listed are all windows 7 enterprise x64 machines. I did find Putty on a few machines but I'm not sure if this is significant.

    would anyone know where I can start on this or what the security wants me to find exactly? Should I be writing some kind of script to look at programs that have rexec ...if so, why do these programs have rexec? 

    Thank you for your time and consideration.

    Tuesday, March 28, 2017 5:53 PM

All replies

  • Rexec

    In order to run commands on a remote, non-Windows computer, computers running the Windows Server 2003 family, Windows XP, and Windows 2000 operating systems can use the Rexec tool to connect to non-Windows computers that provide the Rexec service (daemon) and that have the service running. The rexec command authenticates the user name on the remote computer before executing the specified command. Used without parameters, rexec displays help.

    Note

    You cannot connect to computers running the Windows Server 2003 family, Windows XP and Windows 2000 operating systems by using the rexec command because Windows operating systems do not provide the Rexec service.

    Rexec is not included in Windows 7, it is deprecated, and is not guaranteed to be supported in future releases of Windows.


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, April 17, 2017 6:28 AM
    Moderator
  • I think you have done enough, since your script didn’t find rexec service on Windows machines, I think this service is not exist.

    You could open Service interface to double check, if there is does not, I think you need to contact the Qualys tool publisher for support.

    From my survey, there is not a documentation introducing a way to disable rexec service on Windows 7 and later Windows system.

    http://booosystemadmin.blogspot.sg/2010/07/to-disable-telnetrexecrsh-on-aix.html

    Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, April 17, 2017 6:34 AM
    Moderator