Execute remote commands with psexec pstools - cmd Windows

 

The PsTools can be used to execute commands on other computers. This requires the necessary rights for the remote connection: by default, these are held by the domain administrator or the local administrator. As an alternative for a remote connection to another computer, PowerShell remoting can also be used, see: Powershell Remote

psinfo

Read system information with

Batch
psinfo \\hostname

Output can be redirected to a file with the built-in means of cmd:

Batch
psinfo \\Hostname >> c:\temp\ausgabe.txt

Note: similar information is also provided by

Batch
psexec \\hostname systeminfo

The output can also be filtered immediately, e.g. for the operating system name ("Betriebssystemname" is the label on a German-language Windows):

Batch
psexec \\hostname systeminfo | find "Betriebssystemname"

 

systeminfo returns the following information:

  • Hostname
  • Operating system name
  • Operating system version
  • Operating system manufacturer
  • Operating system configuration
  • Operating system build type
  • Registered user
  • Registered organization
  • Product ID
  • Original installation date
  • System start time
  • System manufacturer
  • System model
  • System type
  • Processor(s)
  • BIOS version
  • Windows directory
  • System directory
  • Boot device
  • System locale
  • Input locale
  • Time zone
  • Total physical memory
  • Available physical memory
  • Virtual memory: Maximum size
  • Virtual memory: Available
  • Virtual memory: Currently in use
  • Swap file path(s)
  • Domain
  • Logon server
  • Hotfix(es)

pslist

List the running tasks with

Batch
pslist \\hostname

pskill

With pskill you can stop tasks that were previously listed with pslist:

Batch
pskill \\hostname PidNr

psexec

With psexec \\hostname command, a command-line command can be executed on the remote computer:

Example:

Batch
psexec \\Hostname cmd

This opens the command prompt of the remote computer.

Output can be redirected to a file with the built-in means of cmd:

Batch
psexec \\Hostname cmd >> c:\temp\ausgabe.txt

psexec software installation

Batch
psexec \\hostname \\server\share_mit_Sofwaresource\install.exe /s

Write values to the registry with psexec

Batch
psexec \\hostname reg add \\COMPUTERNAME\HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters /t REG_DWORD /v autosharewks /d 1 /f

psexec on multiple computers:

Batch
psexec @hosts.txt reg add \\COMPUTERNAME\HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters /t REG_DWORD /v autosharewks /d 1 /f

In hosts.txt you write one hostname per line; psexec then connects to the hosts one after the other and executes the command on each of them.

Install programs

Example:

Batch
psexec \\hostname install.exe /s

Important: the installation must run silently, i.e. in the background (unattended). If a GUI is loaded or requested, the installation will not work. The parameters for the unattended installation have to be specified on the command line.

Uninstall programs

Batch
psexec \\hostname msiexec /x {GUID} /q

Update Windows 10/11

Windows firewall

If the PC was initially set as "not visible" for the network, PsExec cannot access the computer:

"The network path was not found".

If the firewall is activated, the inbound rule "File and print sharing (SMB incoming)" on the target computer is responsible for this.

After activating the rule, the error "Access denied" appears.

LocalAccountTokenFilterPolicy

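Unfortunately, the connection then still fails with "Access Denied".

Responsible for this is the following entry in the registry:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

Create a new DWORD value (32-bit):

LocalAccountTokenFilterPolicy = 1

The setting is active immediately; the computer does not need to be restarted. The value 1 switches off the UAC remote restrictions for local accounts: members of the local Administrators group then receive a full administrative token for network logons, so it is worth keeping track of which computers have it set.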
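To see which of the two errors described above a target computer will produce, the following added example (not part of the original post) reads the firewall state and the registry value locally on the target, in an elevated PowerShell session. The rule ID `FPS-SMB-In-TCP*` is assumed to be the language-independent name of the SMB inbound rule mentioned above.

```powershell
# Added example: run locally on the target computer (elevated PowerShell).
# Reports the two settings this page ties to PsExec connection errors.

$policyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Is the Windows firewall switched on for at least one profile?
$fwOn = [bool](Get-NetFirewallProfile |
    Where-Object { $_.Enabled -eq 'True' })

# Assumption: FPS-SMB-In-TCP* are the language-independent IDs of the
# "File and print sharing (SMB incoming)" rule named on this page.
$smbRules = @(Get-NetFirewallRule -Name 'FPS-SMB-In-TCP*' -ErrorAction SilentlyContinue)
$smbInOpen = [bool]($smbRules |
    Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' })

# LocalAccountTokenFilterPolicy: $null means the value does not exist.
$prop = Get-ItemProperty -Path $policyPath -Name LocalAccountTokenFilterPolicy `
    -ErrorAction SilentlyContinue
$latfp = if ($prop) { [int]$prop.LocalAccountTokenFilterPolicy } else { $null }

# Map the findings to the error messages quoted on this page.
$expected = if ($fwOn -and -not $smbInOpen) {
    'The network path was not found'
} elseif ($latfp -ne 1) {
    'Access denied (when connecting with a local administrator account)'
} else {
    'none caused by these two settings'
}

[pscustomobject]@{
    ComputerName                  = $env:COMPUTERNAME
    FirewallEnabled               = $fwOn
    SmbInboundRuleAllowed         = $smbInOpen
    LocalAccountTokenFilterPolicy = $latfp
    ExpectedPsExecError           = $expected
}
```

The same output doubles as an inventory record: computers that report LocalAccountTokenFilterPolicy = 1 accept full administrative network logons from local accounts.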

 


created by Bernhard | published: 2023-03-01
