Feb 05 2020

How SysAdmins Can Take PsExec to the Next Level

This popular command-line tool allows administrators to run code remotely. Here are some advanced tips for getting even more out of it.

Microsoft Sysinternals PsExec is an essential tool for any IT administrator. Able to remotely execute commands, install software, launch applications and run as the system account, PsExec makes short work of common administrative tasks. With that in mind, let’s jump into some common PsExec commands and scenarios.

1. Launch Applications. The Windows system account has full access to the operating system, so being able to launch an application as that account is very useful. For example, launching Regedit as the system account allows access to the SAM registry hive. To do this, run the following command: psexec -s -i regedit.exe. The -s switch tells PsExec to run as the system account, and the -i switch tells it to run interactively.

2. Install and Update Software. To ease this seemingly never-ending task without needing the user interface on a remote system, leverage PsExec. To install an MSI package located locally and named “install.msi,” run the following command: psexec.exe \\REMOTE -i -s "msiexec.exe /i install.msi" -c install.msi. Unlike the previous command, this introduces the -c switch, which tells PsExec to copy the file to the remote system.

3. Pass encrypted credentials. Our current user may not have the rights necessary on a remote system. In this case, we can use PsExec to pass an encrypted credential to the remote system to execute our command. To run an interactive remote command prompt as a different user, run the following command: psexec \\REMOTE -i -u domain.local\admin -p password cmd.exe. The -u switch for the user and the -p switch for the password allow us to execute as a different user.

4. Open a graphical application remotely. PsExec makes it simple to launch a graphical application remotely. In this case, let’s open up Notepad remotely for an end user to record information. To do this, run the following command: psexec \\REMOTE -i -d notepad.exe. With the -d disconnect switch specified, PsExec will end the session once Notepad is launched.

As you can tell, PsExec is an incredibly useful tool.
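For the defender's side of the switches above, this added example (not part of the original article) audits logged PsExec command lines: it flags -s, redacts any -p value before the line is stored elsewhere, and notes switches placed after the program name, which PsExec hands to that program instead of interpreting. The function name, finding strings and sample lines are constructed for illustration, and switches not covered in the article are assumed to take no value.

```python
import shlex

# Switches from the article; True = the switch consumes the next token.
# Assumption for this example: any other switch takes no value.
SWITCHES = {"-s": False, "-i": False, "-d": False, "-c": False, "-u": True, "-p": True}

def audit_psexec(cmdline):
    """Audit one logged command line; return None if it is not PsExec."""
    try:
        tokens = shlex.split(cmdline, posix=False)  # keeps backslashes and quotes
    except ValueError:                              # unbalanced quote in the log
        tokens = cmdline.split()
    if not tokens:
        return None
    exe = tokens[0].strip('"').rsplit("\\", 1)[-1].lower()
    if not exe.startswith("psexec"):
        return None
    findings, program, i = [], None, 1
    while i < len(tokens):
        tok = tokens[i].lower()
        is_target = i == 1 and tok.startswith("\\\\")   # \\computer argument
        if program is None and not tok.startswith("-") and not is_target:
            program = tokens[i]          # first non-switch token is the program
        elif program is not None and tok in SWITCHES:
            findings.append(f"{tok} after the program is passed to {program}")
        elif tok == "-s":
            findings.append("runs as the system account")
        if tok == "-p" and i + 1 < len(tokens):
            findings.append("password visible on the command line")
            tokens[i + 1] = "<redacted>"
        if SWITCHES.get(tok) and i + 1 < len(tokens):
            i += 1                       # skip the value of -u / -p
        i += 1
    return {"program": program, "findings": findings, "redacted": " ".join(tokens)}

# Constructed sample lines, in the shape a process-creation log would record them.
SAMPLES = [
    r"psexec -s -i regedit.exe",
    r"C:\Tools\PsExec.exe \\REMOTE -i -u domain.local\admin -p password cmd.exe",
    r"psexec \\REMOTE notepad.exe -d",
    r"notepad.exe C:\notes.txt",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(audit_psexec(line))
```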
