
Using PsExec to Run Commands Remotely


PsExec is an easy-to-use Windows utility that replaces the telnet tool. It allows you to run programs and processes on remote systems, with full use of the interactive interface of console applications, without having to manually install client software. The main advantage of PsExec is that it can open an interactive command-line interface on remote systems, run programs remotely (in the background or in interactive mode) and execute any command.

The PsExec utility is one of the most popular programs of the PsTools package from Sysinternals. You can download it on this page: https://docs.microsoft.com/en-us/sysinternals/downloads/psexec


To use the utility, simply copy it to a folder on your computer (it is convenient to copy it to the default executable folder C:\Windows\system32) and run it from the command prompt or a PowerShell console.

How Does PsExec Work?

The resources of the PsExec.exe executable contain another executable file, PSEXESVC, which is a Windows service file. When establishing a connection to a remote computer, PsExec copies this file to the remote computer's hidden administrative share Admin$ (C:\Windows\system32\psexesvc.exe).

PsExec then installs and starts the PSEXESVC service using the Windows API functions for managing services. Once PSEXESVC is running, a connection is established between this service and the PsExec program on your computer for data transfer (command input and output of results). When the work is completed, PsExec stops the service and automatically removes it from the remote computer.
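
Because the service is removed when PsExec finishes, the record that it ran is the service-install event left in the remote computer's System log. The following is an added example, not part of the original article: it assumes Service Control Manager event ID 7045 and the default names PSEXESVC and psexesvc.exe given above, and the function name Get-PsExecServiceInstall is hypothetical.

```powershell
# Added example: list PsExec service installs recorded in the System event log.
# Event ID 7045 ("A service was installed in the system") is written by the Service Control Manager.
function Get-PsExecServiceInstall {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [int]$Days = 7
    )
    $filter = @{
        LogName   = 'System'
        Id        = 7045
        StartTime = (Get-Date).AddDays(-$Days)
    }
    foreach ($computer in $ComputerName) {
        try {
            $events = Get-WinEvent -ComputerName $computer -FilterHashtable $filter -ErrorAction Stop
        }
        catch {
            # Get-WinEvent raises an error when nothing matches; that simply means no hits.
            if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { continue }
            Write-Warning "${computer}: $($_.Exception.Message)"
            continue
        }
        foreach ($record in $events) {
            # Collect the named EventData fields (ServiceName, ImagePath, AccountName, ...).
            $fields = @{}
            foreach ($node in ([xml]$record.ToXml()).Event.EventData.Data) {
                $fields[$node.Name] = $node.'#text'
            }
            # Match the service name and file name described in the article.
            if ($fields['ServiceName'] -eq 'PSEXESVC' -or $fields['ImagePath'] -match 'psexesvc\.exe') {
                [pscustomobject]@{
                    Computer    = $computer
                    TimeCreated = $record.TimeCreated
                    ServiceName = $fields['ServiceName']
                    ImagePath   = $fields['ImagePath']
                    Account     = $fields['AccountName']
                }
            }
        }
    }
}

# Constructed usage: the local machine plus the article's sample server, last 30 days.
Get-PsExecServiceInstall -ComputerName $env:COMPUTERNAME, 'lon-srv01' -Days 30 | Format-Table -AutoSize
```

An install event at a time when no administrator was working on that machine is worth following up.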


The syntax for PsExec is as follows:

psexec \\RemotePCName [-u username [-p password]] command [arguments]

The user name and password are optional. If you omit them, the remote process starts on the remote computer under the same account that runs the PsExec program. If you need to execute commands on a remote system as a different user, keep in mind that the password is sent over the network to the remote system in clear text.

When you start PsExec for the first time, you need to accept Sysinternals License Agreement.


As an example, we will purge the DNS cache on the remote computer lon-srv01:

psexec \\lon-srv01 ipconfig /flushdns


The command will be run on the lon-srv01 computer under your credentials. After ipconfig finishes, all text output will be transferred to your computer, and the error code will also be returned. If the command was successful, you will see 0.

If you need to run several commands, it’s best to set up an interactive session with the remote computer. To do this, enter the command:

psexec \\lon-srv01 cmd

From now on, commands typed on the local computer run on the remote lon-srv01 computer.


To end a remote PsExec session, type exit.

Run the Command Simultaneously on Multiple Computers With PsExec

PsExec allows you to run a command simultaneously on multiple computers. To do this, you can enter the computer names separated by commas: psexec \\PC1,PC2 or save them in a text file and then specify its path: psexec @c:\ps\computer_list.txt. If you put an asterisk instead of the computer name (psexec \\*), the command will be executed on all computers of the domain.


PsExec has one interesting feature. If you do not specify a computer name, the command is executed on the local system by default. You can run programs under the system account by using the -s switch. For example, start a CLI session with psexec -s cmd and then check which user you are currently logged on as with whoami. As you can see, the console runs under the NT AUTHORITY\SYSTEM account.


Using the -c switch, you can specify the name of the file that you want to copy to the remote system and execute there. For example:

psexec \\lon-srv01 -c c:\ps\myapp.exe

By default, PsExec executes commands in hidden mode (you won’t notice any windows or dialogs on the remote system where the command is executed). However, you can change this with the -i option. After the option you can specify the number of the session in which the PsExec console windows should be displayed; if you do not specify one, the interface is displayed in the console session.

For full information about all PsExec parameters, simply enter the command psexec at the command line without parameters.
