What is the purpose of using PsExec to run commands remotely? It will be a rather vague and confusing concept if you do not have a lot of knowledge in IT or have no experience in performing this task on your device.
In general, it is a program that allows you to execute processes on systems with console applications. The most potent applications of this one are starting interactive command prompts on remote systems. This enables applications like IpConfig.
Learn more about it, and check out our detailed guidelines in the next parts!
What Is PsExec?
This one sometimes known as psexec.exe, is a Windows command-line tool. Administrators can use it to execute programs on nearby computers and, more frequently, on remote ones.
It is a free program created by Mark Russinovich many years ago and is a component of the Sysinternals tools package. This one was designed to take the role of technologies like telnet, which required you to open ports and create security flaws.
With it, console applications may be interactive without installing extra software. This Ultimate Guide will show you how to use it to run commands on many computers at the same time. And how to launch command prompts, run as a local system on distant systems, and more.
Since Windows XP, it has supported every version of Windows. That confirms that this tool is available for Windows 10 as well.
Although it’s a straightforward tool and compatible with almost anything. So, don’t mistake its simplicity for its power. Even if PowerShell Remoting is now available, this one still has its uses.
Prerequisite For It
Before you can use this program, your system and the distant ones in your network should comply with the following requirements:
- A Windows computer
- Both local and remote PCs must have file and printer sharing turned on (TCP port 445 must be opened)
- The PowerShell cmdlet Invoke-Command can be used to set the firewall rule on many distant workstations.
- It is necessary to allow the system admin to share.
Given that it was used to send commands or passwords in clear text across the network, an earlier version of PsExec wasn’t all that secure. However, it encrypts the alternate commands or credentials in transit as of version 2.1. It would be better if it runs at the most recent version.
Due to its capabilities, hackers frequently use it with other tools, like Metasploit, to launch harmful attacks. Major antivirus programs have started to label it as malware because of this.
This one is susceptible to many viruses and ransomware since it leverages the printer sharing service. Never expose this service to a public network. Ensure it is appropriately secured and limited to the local network only.
Using PsExec To Run Commands Remotely
- Download the file: You can download it from Microsoft Ignite.
- Extract the downloaded file: PSTools.zip should be unzipped and copied to a location on your hard drive. You can save it where it is convenient for you to continue the next steps.
- Test it: It should be entered after opening the command prompt and moving to the Pstools directory. This one should return the command syntax and version.
You may quickly view the command line and syntax arguments by typing PsExec.
The process launches on the distant computer using your current login information. This is also used to launch it on your machine if you did not supply the username and password.
Remember that if you have a distant computer using another user account. You’ll need to fill in the password in plain text across the network to your machine remotely.
The Sysinternals Agreement must be accepted the first time it is run.
- Type “psexec pc1 ipconfig” on a single remote machine to execute a command.
- Run the “psexec \\pc1,srv-vm1 ipconfig” command on multiple computers.
- If you need to connect your remote computer with the specific user name and password, type “psexec \\pc1 -u user -p password ipconfig“.
- When you want to stop a process from remote devices, use the “psexec \\pc1 tasklist” command.
- For restarting your device from a distance, type “psexec \\pc1 shutdown /r /t 60“
- Using command “psexec \\pc1 cmd /c del /f c:\it\users.txt” to delete an available file.
- To start your batch file or copy it, the command “psexec \\pc1 -c pcinfo.bat” is helpful.
The common errors you may face are “Access is denied”, “Couldn’t start/run the PsExec”, etc. To fix them, you can follow the below instruction:
- Ensure that your user is a part of the distant computer’s local administrators group;
- You can type as follow if the username on a remote device is different from the current security context: PsExec \\PC1 -u PC1\user1 -p admin password -h -I cmd
- Be certain that your user is a part of the local administrators on the distant device;
- Try to specify remote user credentials as described below if the username on a distant user isn’t similar to our current security context.
Using PsExec to run commands remotely isn’t too difficult to carry out. However, you need to understand and apply the commands properly.
As mentioned above, this tool can be dangerous in leaking your personal information if you use it the wrong way. It would be better to pay more attention and be careful when processing.