In order to use the PsExec tool, simply download the PSTools.zip archive from Microsoft and extract the PsExec64.exe and PsExec.exe files to any folder on your computer (it is convenient to copy them to the default executable folder C:\Windows\System32). You can run PsExec from the command prompt or PowerShell console.

To connect to a remote computer via PsExec, the following conditions must be met:

- TCP/445 (SMB) and UDP/137 (NETBIOS) ports must be open on the remote computer.
- You must have administrator credentials on the remote computer, or the user under which you are running PsExec must be added to the Administrators group on the remote computer.
- The LanmanServer and LanmanWorkstation services must be running on a computer.

You can open these ports on a remote computer using the Windows Defender Firewall GUI or using the commands:

    netsh advfirewall firewall add rule name="SMB" dir=in action=allow protocol=TCP localport=445
    netsh advfirewall firewall add rule name="NETBIOS" dir=in action=allow protocol=UDP localport=139

How to Use PsExec?

The syntax for PsExec is as follows:

    psexec \\RemotePCName ] command

If you did not specify the user name and password, the remote process starts on the remote computer under your current credentials, that is, the credentials used to start the PsExec process on your computer. If you need to execute commands on a remote computer under a different user account, keep in mind that the password is sent over the network to the remote system in plain text.

When you start PsExec for the first time, you need to accept the Sysinternals License Agreement. To prevent the graphical prompt with the license agreement from being displayed, you can add the /accepteula switch when you first start PsExec.

    psexec /accepteula

As an example, we want to purge the DNS cache (with the “ipconfig /flushdns” command) on the remote computer lon-srv01. Run the command:

    psexec \\lon-srv01 ipconfig /flushdns

After you run this command, PsExec copies the psexesvc.exe file to the hidden administrative folder Admin$ of the specified remote computer (C:\Windows\System32\psexesvc.exe). Then it starts the PSEXESVC service on the remote computer using the Windows API. After PSEXESVC is running, a connection is established for data transfer between this service and the PsExec process on your computer. PsExec then sends your command to be executed on the remote computer and waits for the result. In our example, after ipconfig finishes, all the text output will be transferred to your computer, and the error code will also be returned. If the command was successful, you will see the exit code 0.

If your account doesn’t have the local administrator rights on the remote Windows host, an error will appear:

When the work is completed, PsExec stops the service and automatically removes it from the remote computer.

When you run cmd.exe interactively through PsExec under a remote user, you have no way to elevate privileges (as Admin) when UAC is enabled. To run the commands with the account’s elevated token, use the -h option. This option means that all commands will be executed in the “Run as Administrator” mode.

Let’s look at useful examples of using PsExec to execute commands on remote computers. To restart the remote computer, run the following command:

    psexec \\lon-srv01 "cmd.exe" "/c shutdown /f /r /t 60"

If you need to run several commands one by one, it’s better to run PsExec in the interactive mode on the remote computer.
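The connection prerequisites listed in this article (TCP/445 reachable, administrator access to Admin$, the LanmanServer and LanmanWorkstation services running) can be verified before PsExec is launched. The following PowerShell function is an added example, not part of the original article or of PsTools; the name Test-PsExecPrereq is hypothetical, and it assumes LanmanServer is checked on the remote host and LanmanWorkstation on the local one.

```powershell
# Added example: pre-flight check for the PsExec prerequisites described in the article.
# Test-PsExecPrereq is a hypothetical helper name, not a PsTools command.
function Test-PsExecPrereq {
    param(
        [Parameter(Mandatory)]
        [string]$ComputerName
    )

    # TCP/445 (SMB) must be reachable. UDP/137 cannot be probed with a TCP
    # connection test, so it is not covered by this check.
    $smb = Test-NetConnection -ComputerName $ComputerName -Port 445 -WarningAction SilentlyContinue

    # Admin$ is the share PsExec copies psexesvc.exe to; it is accessible only
    # to accounts with local administrator rights on the remote host.
    $adminShare = Test-Path -Path "\\$ComputerName\Admin`$"

    # Assumption: LanmanServer is queried on the remote host through the
    # Service Control Manager, LanmanWorkstation on the local computer.
    $serverRunning      = [bool]((& sc.exe "\\$ComputerName" query LanmanServer) -match 'RUNNING')
    $workstationRunning = (Get-Service -Name LanmanWorkstation).Status -eq 'Running'

    $ready = $smb.TcpTestSucceeded -and $adminShare -and $serverRunning -and $workstationRunning

    # One object per host, so results can be piped to Where-Object or Export-Csv.
    [pscustomobject]@{
        ComputerName             = $ComputerName
        Smb445Reachable          = $smb.TcpTestSucceeded
        AdminShareAccessible     = $adminShare
        LanmanServerRunning      = $serverRunning
        LanmanWorkstationRunning = $workstationRunning
        Ready                    = $ready
    }
}

# lon-srv01 is the example host name used in the article.
Test-PsExecPrereq -ComputerName 'lon-srv01'
```

A false AdminShareAccessible with a true Smb445Reachable points to missing administrator rights rather than a firewall problem.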