PsExec - CMD

Overview

PsExec is a lightweight telnet replacement tool that lets you execute processes on other systems, complete with full interactivity for console applications, without having to manually install client software. It’s part of the Sysinternals Suite of tools for Windows administration and can be used to launch GUI applications remotely, run programs as if they are running on a remote system, and run commands across a network of computers concurrently.

Syntax

To use PsExec, the basic syntax you would follow is:

psexec [\\computer[,computer2[,...] | @file]][-u user [-p psswd]] [options] <command> [arguments]
  • \\computer : Specifies the target computer. Replace computer with the hostname or IP address.
  • @file : Runs the command on every computer listed in the file.
  • -u user : Specifies the username with which the command will be run.
  • -p psswd : Specifies the password for the given username. If omitted, PsExec will prompt for it.
  • <command> : The command to execute.
  • [arguments] : The arguments to pass to the command.

Options/Flags

  • -d : Don’t await process termination (“fire and forget”).
  • -e : Do not load the specified account’s profile.
  • -h : If the target system is Vista or higher, has the process run with the account’s elevated token, if available.
  • -i : Interact with the desktop of the specified session on the remote system.
  • -l : Run the process as a limited user (strips the Administrators group and allows only privileges assigned to the Users group).
  • -n s : Specifies timeout in seconds connecting to remote computers.
  • -s : Run the process in the System account.
  • -x : Display the UI on the Winlogon secure desktop (local system only).
  • -accepteula : Suppresses the display of the license dialog.

Examples

  1. Simple Command Execution on a Remote Computer:

    psexec \\192.168.1.5 -u MyUsername -p MyPassword ipconfig

    This command displays the IP configuration on the remote machine 192.168.1.5.

  2. Running a GUI Application Remotely:

    psexec \\remotePC -i -u User -p Pass "c:\path\to\application.exe"

    This will run application.exe interactively on the desktop of the user User on remotePC.

  3. Execute Commands on Multiple Computers:

    psexec @pc_list.txt -u admin -p pwd cmd /c "echo Hello World > C:\hello.txt"

    This sends a command to all computers listed in the pc_list.txt file, creating a text file on each with “Hello World”.

Common Issues

  • Access Denied: Ensure correct permissions and that the account has the required rights.
  • Network Path Not Found: Check network connections, and make sure the target machine is reachable.
  • Antivirus Blockage: Sometimes, antivirus software might block PsExec. Adding exclusions or disabling the AV can help troubleshoot this.

Integration

PsExec can be used in scripts to run processes across many machines, such as updating software, restarting services, or pulling logs. For instance, a batch file to clean temporary files on all machines listed in a text file could look like:

psexec @computerlist.txt -s cleanmgr /sagerun:1

This uses cleanmgr (Disk Cleanup) to run cleanup operations configured in cleanup run 1.

  • PsList: Displays detailed information about processes on a local or remote system.
  • PsKill: Terminates a process on a local or remote system.

For more detailed PsExec usage and examples, check the official PsExec documentation.

This guide should help administrators and tech enthusiasts efficiently use PsExec for remote administration and task automation, enhancing operational capabilities across networked computers.