Execute remote commands with psexec pstools - cmd Windows
The pstools can be used to execute commands on other computers. This requires the necessary rights for the remote connection: by default, these are the domain administrator or the local administrator. As an alternative for a remote connection to another computer, PowerShell remoting can also be used, see: Powershell Remote
psinfo
Read system information with
psinfo \\hostname
Output to a file works with the built-in cmd redirection:
psinfo \\Hostname >> c:\temp\ausgabe.txt
Note: a similar evaluation is also provided by
psexec \\hostname systeminfo
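For example, the output can also be filtered immediately (the search string must match the field label in the system's display language; "Betriebssystemname" is the German label for the operating system name):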
psexec \\hostname systeminfo | find "Betriebssystemname"
systeminfo returns the following information:
- Hostname
- Operating system name
- Operating system version
- Operating system manufacturer
- Operating system configuration
- Operating system build type
- Registered user
- Registered organization
- Product ID
- Original installation date
- System start time
- System manufacturer
- System model
- System type
- Processor(s)
- BIOS version
- Windows directory
- System directory
- Boot device
- System locale
- Input locale
- Time zone
- Total physical memory
- Available physical memory
- Virtual memory: Maximum size
- Virtual memory: Available
- Virtual memory: Currently in use
- Swap file path(s)
- Domain
- Logon server
- Hotfix(es)
pslist
List running tasks with
pslist \\hostname
pskill
With pskill you can stop tasks that were listed before with pslist:
pskill \\hostname PidNr
psexec
With psexec \\hostname command, a command-line command can be executed on the remote computer:
Example:
psexec \\Hostname cmd
This opens the command prompt of the remote computer.
Output to a file works with the built-in cmd redirection:
psexec \\Hostname cmd >> c:\temp\ausgabe.txt
psexec software installation
psexec \\hostname \\server\share_mit_Sofwaresource\install.exe /s
Write values to the registry with psexec
psexec \\hostname reg add \\COMPUTERNAME\HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters /t REG_DWORD /v autosharewks /d 1 /f
psexec on multiple computers:
psexec @hosts.txt reg add \\COMPUTERNAME\HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters /t REG_DWORD /v autosharewks /d 1 /f
In hosts.txt you can write one hostname per line; psexec then connects to the hosts one after the other and executes the command on each.
Install programs
Example:
psexec \\hostname install.exe /s
Important: the installation must run silently, i.e. in the background (unattended). If a GUI is loaded or requested, the installation will not work. The parameters for the unattended installation have to be specified with the install command.
Uninstall programs
psexec \\hostname msiexec /x {GUID} /q
Update Windows 10/11
Windows firewall
If the PC was initially set as "not visible" for the network, PSExec cannot access the computer:
"The network path was not found".
If the firewall is activated, the incoming rule "File and print sharing (SMB incoming)" on the target computer is responsible for this.
After activating the rule, the error "Access denied" appears.
LocalAccountTokenFilterPolicy
Unfortunately, the connection attempt now only ends with "Access Denied".
The following entry in the registry is responsible for this:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
new DWORD value (32bit)
LocalAccountTokenFilterPolicy = 1
The setting takes effect immediately; the computer does not need to be restarted for this.
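Added example, not from the original page: a read-only PowerShell check, run on the target computer, that reports the two settings from the Windows firewall and LocalAccountTokenFilterPolicy sections and which of the two error messages above to expect. The function name Get-PsExecReadiness and the rule ID FPS-SMB-In-TCP do not appear on the page. Because the value 1 gives local administrator accounts an unfiltered token on network logons, it is worth knowing on which hosts it is set.

```powershell
# Added example (not from the original page). Read-only; run it in PowerShell
# on the target computer (uses the NetSecurity and NetConnection modules).
function Get-PsExecReadiness {
    [CmdletBinding()]
    param()

    # Registry value from the LocalAccountTokenFilterPolicy section.
    $key   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $prop  = Get-ItemProperty -Path $key -Name 'LocalAccountTokenFilterPolicy' -ErrorAction SilentlyContinue
    $latfp = if ($null -ne $prop) { [int]$prop.LocalAccountTokenFilterPolicy } else { $null }

    # Network category per adapter; a PC set to "not visible" uses Public.
    $categories = @(Get-NetConnectionProfile -ErrorAction SilentlyContinue |
        ForEach-Object { [string]$_.NetworkCategory } | Sort-Object -Unique)
    $active = @($categories -replace 'DomainAuthenticated', 'Domain')

    # 'FPS-SMB-In-TCP' is the language-independent ID of the inbound SMB rule
    # ("File and print sharing (SMB incoming)"), so this works on any locale.
    $rules = @(Get-NetFirewallRule -Name 'FPS-SMB-In-TCP' -ErrorAction SilentlyContinue)
    $matching = @($rules | Where-Object {
        $p = [string]$_.Profile
        $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' -and
            ($p -eq 'Any' -or @($active | Where-Object { $p -match $_ }).Count -gt 0)
    })

    # Map the findings to the two error messages described on this page.
    $expected = if ($matching.Count -eq 0) {
        'The network path was not found (SMB rule not enabled for the active profile)'
    } elseif ($latfp -ne 1) {
        'Access denied for local administrator accounts (remote token is filtered)'
    } else {
        'No blocker found by these two checks'
    }

    [pscustomobject]@{
        ComputerName                  = $env:COMPUTERNAME
        NetworkCategory               = $categories -join ', '
        SmbInRuleEnabled              = ($matching.Count -gt 0)
        SmbInRuleProfiles             = ($rules | ForEach-Object { [string]$_.Profile }) -join ', '
        LocalAccountTokenFilterPolicy = $latfp   # $null means the value is not set
        ExpectedPsExecResult          = $expected
    }
}

Get-PsExecReadiness | Format-List
```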