10 PsExec applications you need to know about!
What's in the box?
Have you just installed PsExec, but don't know where to start using it? Don't panic, in this article we'll give you 10 examples of how to use PsExec to get off to a good start, and understand the syntax of this incredible tool.
Before moving on to the examples, a few words about the tool itself....
PsExec is a free tool from Microsoft, part of the SysInternals tool suite. It enables remote administration tasks to be carried out between Windows machines, without the need to install an agent on the target machine.
This tool is based on the administrative sharing admin$ of WindowsIt requires the local firewall to authorize 445/TCP flow. Then, provided you have the right rights (an administrator account), you can administer your Windows machine remotely. Another advantage of this tool is that it works with all versions of Windows: from Windows XP to Windows 11, including the various versions of Windows Server.
1. Run a command on a remote machine
To execute a simple command on a remote machine and obtain the result in the console, the syntax is simple. Here's an example where I run the "ipconfig" command on the "server-tutobox" server.
psexec \serveur-tutobox ipconfig2. Run a command on several machines
The tool can target several machines, which it will interrogate in turn, in order. This list of machines can be compiled manually, or retrieved from Active Directory, a CSV file, etc.... Here's how to target three servers to obtain the result of the "ipconfig" command:
psexec \server-tutobox1,server-tutobox2,server-tutobox3 ipconfigThe console will return the result for all three servers. In the event of a server blocking execution of this tool or being unreachable, an error message will be displayed in the console.
3. Launching a PowerShell console with PsExec
PsExec is able to open a PowerShell console on the remote host, where you can enter all your commands as if you were local to the target machine.
psexec \serveur-tutobox powershell.exe4. Execute a command with the SYSTEM account
The " NT AUTHORITY\SYSTEM "can be used through this toolwhich corresponds to an even higher level of rights than Administrator. You can use it to execute a simple command or open a PowerShell console with this level of rights.
psexec -s \\serveur-tutobox powershell.exe5. Launch a local PowerShell console with the SYSTEM account
The tool is also useful for executing commands on the local machine using another user, or for running a program with the "NT AUTHORITY\SYSTEM" account. The command below launches a PowerShell console on the local host with the SYSTEM account.
psexec -i -s powershell.exe6. Run a batch script with a specific user
To execute the "C:\mon-script.bat" batch script (located locally, which will be copied to the remote host and then executed), using the "TUTOBOX\Admin" Active Directory domain account, we use this syntax:
psexec \serveur-tutobox -u TUTOBOX\Admin -p AdminMotDePasse cmd.exe /c "C:\mon-script.bat"7. Executing a PowerShell command
By specifying "powershell" followed by the -Command parameter, you can specify a PowerShell command to be executed on the remote host. The result will be displayed in the local console. In this example, we create a file on the remote host.
psexec \serveur-tutobox powershell -Command New-Item -ItemType File -Path "C:\fichier.txt"8. Running a PowerShell script with PsExec
In addition to running a PowerShell command with this tool, you can also run a PowerShell script on a remote machine, specifying a network path to the script. Otherwise, the remote host will not be able to access the file. The -ExecutionPolicy Bypass option lets you override the local machine's execution policy and force our script to be launched.
psexec \serveur-tutobox powershell -File "\serveur-fichiers.tutobox.local\scripts\mon-script.ps1" -ExecutionPolicy Bypass9. Execute a command on all machines
The command below will execute the " choco upgrade all "This command is specific to Chocolatey and is used to update packages. This command is specific to Chocolatey and is used to update packages. As a reminder, Chocolatey is a package manager that can be installed on a Windows machine to easily install software from the command line. It's a very popular and appreciated tool! Having said that, this is just an example - you could run another command than this one.
psexec \* choco upgrade all10. Installing software in MSI format with PsExec
This tool allows you to use a wide variety of commands, with unlimited possibilities. Using MsiExec, you can install software in MSI format on one or more machines, always remotely.
psexec \serveur-tutobox -s msiexec.exe /i \serveurs-fichiers.tutobox.local\logiciels\vlc-mediaplayer.msi /qI hope you find these examples useful! Have fun...!
Resources :
