PsExec – Windows CMD Command

Execute a command-line process on a remote machine.

For PsExec to work, File and Printer sharing must be enabled on the remote computer. This can be done with netsh advfirewall or Group Policy (Local Computer Policy > User Configuration > Administrative Templates > Windows Components > Network Sharing)
You may also have to enable it under Control Panel > Network > Network Adapter > properties.

PsExec can be used to start GUI applications, but in that case, the GUI will appear on the remote machine.

Input is passed to the remote system when you press the enter key – typing Ctrl-C will terminate the remote process.

When you specify a username the remote process will execute in that account and will have access to that account’s network resources.

If you omit username the remote process will run in the same account from which you execute PsExec, but because the remote process is impersonating it will not have access to network resources on the remote system.

If you do specify an alternative username/password, then PsExec will send the login password in cleartext. This can be a security risk if unauthorized network sniffers could intercept traffic between the local and remote systems.

PsExec does not require you to be an administrator of the local filesystem, with the correct password psexec will allow UserA to run commands as UserB – a Runas replacement.

If you kill a PsExec process, you might also need to manually remove the background service:
sc.exe \\workstationf4t delete psexesvc

PsExec can also be used to start a process (on a remote or local machine) as SYSTEM, this is a very privileged account similar to root on a UNIX machine ~ use with extreme caution.

Accept eula

When launched for the first time, PsExec will create the license registry key:

Psexec will swallow the first “-accepteula” on the command-line, no matter where it occurs, so when using psexec to run any other ps* utilities, you will have to pass “-accepteula” twice:

psexec -accepteula -s c:\utils\pslist.exe -accepteula

Surround any long filenames “with quotation marks”

Error codes returned by PsExec are specific to the applications you execute, not PsExec.

Internal commands

Internal commands (such as COPY, CD, DIR, etc) are only available within the CMD shell. To run these commands from PsExec you must call CMD /C and then pass the commands as parameters – see the examples below.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *