PsExec (PsTools)

Execute a command-line process on a remote machine.

Syntax
      psexec \\computer[,computer[,..] [options] command [arguments]

      psexec @run_file [options] command [arguments]

Options:

   computer   The computer on which psexec will run command. Default = local system 
              To run against all computers in the current domain enter "\\*"
               
   @run_file  Run command on every computer listed in the text file specified.

   command    Name of the program to execute

   arguments  Arguments to pass (file paths must be absolute paths on the target system)

   -a n,n,... Set processor affinity to n. Processors are numbered as 1,2,3,4 etc
              so to run the application on CPU 2 and CPU 4, enter: "-a 2,4"

   -c         Copy the program (command)to the remote system for execution.
   -c -f      Copy even if the file already exists on the remote system.
   -c -v      Copy only if the file is a higher version or is newer than the remote copy.

   If you omit the -c option then the application must be in the system path on the remote system.

   -d         Don’t wait for the application to terminate.
              Only use for non-interactive applications.

   -e         Load the user account's profile, don’t use with the system account (-s)

   -i         Interactive - Run the program so that it interacts with the desktop on the remote system.

   -l         Limited - Run process as limited user. Only allow privs assigned to the Users group.

   -n s       Specify a timeout s seconds for connecting to the remote computer.

   -p psswd   Specify a password for user (optional). Passed as clear text.
              If omitted, you will be prompted to enter a hidden password.

   -s         Run remote process in the SYSTEM account (use with caution).

   -u user    Specify a user name for login to remote computer(optional).

   -w directory Set the working directory of the process (relative to the remote computer).

   -x         Display the UI on the Winlogon desktop (local system only).

  -low, -belownormal, -abovenormal, -high or -realtime
              These options will run the process at a different priority.

   -accepteula Suppress the display of the license dialog.

Psexec can also be used to start GUI applications, but in that case the GUI will appear on the remote machine.

Input is passed to the remote system when you press the enter key - typing Ctrl-C will terminate the remote process.

When you specify a username the remote process will execute in that account, and will have access to that account's network resources.

If you omit username the remote process will run in the same account from which you execute PsExec, but because the remote process is impersonating it will not have access to network resources on the remote system.

If you do specify an alternative username/password, then PsExec will send the password in clear text. This may be a security risk if unauthorized network sniffers could intercept traffic between the local and remote system.

PsExec does not require you to be an administrator of the local filesystem, with the correct password psexec will allow UserA to run commands as UserB - a Runas replacement.

PsExec can also be used to start a process (on a remote or local machine) as SYSTEM, this is a very privileged account similar to root on a UNIX machine ~ use with extreme caution.

When launched for the first time, PsExec will create the regkey
HKCU\Software\Sysinternals\PsExec\EulaAccepted=0x01

Surround any long filenames "with quotation marks"

Internal commands

Internal commands (such as COPY, CD, DIR etc) are only available within the CMD shell. To run these commands from PsExec you must call CMD /C and then pass the commands as parameters - see the examples below.

Examples:

Launch an interactive command prompt on \\workstation64, the CMD prompt window will appear locally:

psexec \\workstation64 cmd

Execute a program that is already installed on the remote system:

psexec \\workstation64 "c:\Program Files\test.exe"

Connect to workstation64 and list a directory:

psexec \\workstation64 -s cmd /c dir c:\work

Connect to workstation64 and copy a file from another server:

psexec \\workstation64 -s cmd /c copy \\server21\share45\file.ext c:\localpath

Execute IpConfig on the remote system, and display the output locally:

psexec \\workstation64 ipconfig /all

Copy the program test.exe to the remote system and execute it interactively, running under the account DannyGlover:

psexec \\workstation64 -c test.exe -u DannyGlover -p Pa55w0rd

Run Internet Explorer on the local machine but with limited-user privileges:

psexec -l -d "c:\program files\internet explorer\iexplore.exe"

Run Regedit on the local machine with SYSTEM privileges:

psexec -s -i regedit.exe

From PowerShell, run a VBscript on a remote workstation and pass some parameters:

PS C:> $script='C:\Program Files\demo.vbs'
PS C:> $myparam1 = "some more text"
PS C:> psexec -s \\workstation64 c:\windows\system32\cscript.exe $script $myparam1

“Don’t ask what the world needs. Ask what makes you come alive, and go do it. Because what the world needs is people who have come alive” - Howard Thurman

Related:

FAQ: Common PSTools Issues
Q942817 - Remote UAC LocalAccountTokenFilterPolicy setting (allow remote administration for Vista/Windows7)
RUNAS - Execute a program under a different user account
xCMD - 3rd party utility
Equivalent bash command (Linux): xon - start an X program on a remote machine


© Copyright SS64.com 1999-2014
Some rights reserved