Wednesday 11 July 2012

Using PsExec to execute a process remotely

Every now and then, people (particularly admins) need to be able to execute processes/commands remotely against a machine. PsExec proves to be more than handy in such cases. One of the big advantages of using Psexec is that like many other utilities out there, you can execute preocesses remotely. However, unlike most of them, it does not require you to install/store software on the remote systems that you wish to access.

The simplest example of 'remoting' into another system and firing up the terminal would be achieved by simply executing the following script :-
PsExec.exe \\RemoteMachine cmd.exe
It lets you execute commands on the remote machine as if you are logged in. However, I intentionally left out a couple of details. The user you are executing this command against, needs to be added as an user on the remote computer. However, frequently the need is to execute a process in some other account on the remote system. In such cases, you can provide user details as such :-
PsExec.exe \\RemoteMachine -u Domain\username -p password cmd.exe
When you specify a username the remote process will execute in that account, and will have access to that account's network resources. If you omit username the remote process will run in the same account from which you execute PsExec, but because the remote process is impersonating it will bot have access to network resourcess on the remote system. Also, PsExec does not require you to be an admin of the local system. Some command are available only in the CMD shell, and hence the user needs to call "cmd /c".

Another important aspect of PsExec, which would have been noticed by the astute readers is that when you first run PsExec, it asks you to accept an eula. In case a script using Psexec is run by different users and scripts (in order to automate stuff), Psexec requires an extra argument, and that's "accepteula". Not having this argument would mean that the script hangs waiting for a user to accept the eula.
PsExec.exe -accepteula \\RemoteMachine -u Domain\username -p password cmd.exe
In case a particular executable needs to be run and passed parameters, the command looks like :-
PsExec.exe -accepteula \\RemoteMachine -u Domain\username -p password executable arguments
As can probably be seen, its a nifty little tool which can be immensely helpful, particularly if telnet or any other utility is not installed on the remote system, either due to restrictions on installing software or otherwise.