Author: Peter Barnett Date: Mar 27, 2020
PsExec is a convenient command-line utility that lets you run programs on remote Windows systems while redirecting the application's output to the local PC. In other words, when working with this utility, it feels as if the application is running locally on your PC. Sysinternals PsExec is a free utility and can be downloaded at https://download.sysinternals.com/files/PSTools.zip.
What are the environmental requirements for working with the PsExec utility? To run commands and processes remotely, the Workstation and Server services must be running on both the remote and the local PC, and the standard Admin$ share must be available on the remote computer.
The convenience of PsExec is that it is easy to deploy on a network: it installs itself remotely, so nothing has to be installed or configured on each computer beforehand. On a remote PC, PsExec runs as a Windows service with the same name.
PsExec is very convenient for performing many tasks related to the maintenance and administration of remote workstations and servers. You do not need to install it; you can simply copy it to a directory listed in the %path% variable (for example, C:\Windows\System32). When you run commands through PsExec on a remote PC, the PsExec service (executable file system32\psexesvc.exe) starts there, so for normal operation you will need domain administrator rights on the remote machine. The startup format and command-line parameters of the Sysinternals PsExec utility are as follows:
Usage: psexec [\\computer[,computer2[,…] | @file][-u user [-p psswd]][-n s][-l][-s|-e][-x][-i [session]][-c [-f|-v]][-w directory][-d][-
In case the username and password are not specified, the rights of the current user are used:
psexec \\buh_pc1 cmd.exe
psexec \\buh_pc1 -u admin -p P@ssw0rd notepad.exe
In principle, this utility can be considered as an alternative to telnet.
Attention: be careful when using PsExec, because in principle the connection between the PsExec client and the server is not encrypted, and the data can be intercepted by a network sniffer.
If you need to run a certain command on several computers at the same time (for example, shutdown -f -r -t 0), their names or IP addresses must be separated by commas or placed in a text file, which is then passed to the PsExec utility as one of its parameters:
psexec \\buh_pc1,buh_pc2 shutdown -f -r -t 0
psexec @c:\list_of_buh_pc.txt shutdown -f -r -t 0
When using the “-c” switch, the specified program will first be copied from your PC to the remote one, and then executed. The -i switch causes the specified command to start interactively. If you do not want PsExec to wait for the command to finish, but to return control (the command line) to you right away, specify the “-d” parameter:
psexec -d \\buh_pc1 chkdsk
This command starts the disk verification process on the remote system, and the administrator can continue to enter commands.
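An added example, not part of the original article or of the Sysinternals tools: a Python parser for PsExec command lines as they end up recorded in shell history or process-creation logs. It follows the switches in the usage line above, masks a password given with -p, and notes runs that copy a program or address several computers. The function names `parse_psexec` and `audit` are this example's own, the sample lines are constructed, and computers are assumed to be written as \\name or @file.

```python
import re
import shlex

PSEXEC_RE = re.compile(r"(?i)(?:.*[\\/])?psexec(?:64)?(?:\.exe)?")
VALUE_SWITCHES = {"-u", "-p", "-n", "-w"}   # usage-line switches that take a value
FLAG_SWITCHES = {"-l", "-s", "-e", "-x", "-i", "-c", "-f", "-v", "-d"}

def parse_psexec(cmdline):
    """Describe one PsExec invocation as a dict; return None for other commands."""
    tokens = shlex.split(cmdline, posix=False)   # posix=False keeps backslashes
    if not tokens or not PSEXEC_RE.fullmatch(tokens[0].strip('"')):
        return None
    info = {"targets": [], "target_file": None, "flags": [], "command": ""}
    values, i = {}, 1                            # values: switch -> index of its value
    while i < len(tokens):
        tok, low = tokens[i], tokens[i].lower()
        if tok.startswith("\\\\"):               # \\pc1,pc2,... (assumed target form)
            info["targets"] += [t.strip("\\") for t in tok.split(",")]
        elif tok.startswith("@"):                # @file listing the computers
            info["target_file"] = tok[1:]
        elif low in VALUE_SWITCHES and i + 1 < len(tokens):
            i += 1
            values[low] = i
        elif low in FLAG_SWITCHES:
            info["flags"].append(low)
            if low == "-i" and i + 1 < len(tokens) and tokens[i + 1].isdigit():
                i += 1                           # optional session number after -i
        else:                                    # first other token starts the remote command
            info["command"] = " ".join(tokens[i:])
            break
        i += 1
    pw = values.get("-p")
    info["user"] = tokens[values["-u"]] if "-u" in values else None
    info["password_on_cmdline"] = pw is not None
    info["redacted"] = " ".join("<redacted>" if n == pw else t for n, t in enumerate(tokens))
    return info

def audit(cmdlines):
    """Return (redacted command line, findings) for each PsExec run in cmdlines."""
    report = []
    for info in filter(None, map(parse_psexec, cmdlines)):
        checks = [(info["password_on_cmdline"], "cleartext password after -p"),
                  ("-c" in info["flags"], "local program copied to the remote PC"),
                  (len(info["targets"]) > 1 or info["target_file"], "several computers")]
        report.append((info["redacted"], [msg for hit, msg in checks if hit]))
    return report

# Constructed sample of recorded command lines (not real log data).
SAMPLE = [r"psexec \\buh_pc1 -u admin -p P@ssw0rd notepad.exe", r"ipconfig /all",
          r"psexec @c:\list_of_buh_pc.txt shutdown -f -r -t 0",
          r"psexec -d \\buh_pc1,buh_pc2 chkdsk"]
```

Calling `audit(SAMPLE)` returns one entry per PsExec line; a `-p` that belongs to the remote command (for example `netstat -p tcp`) is not treated as a password because parsing of PsExec switches stops at the first token of the remote command.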