Hi, we're trying to use the PsExec utility to launch 2 .exe files with some parameters on some server from a client application. The server is running Windows Server 2003, the client Windows 7 Professional...
psexec in fact does run as the user running the command window that initiated the command. I use this command almost daily to run either command shells, batch or vbscripts, etc on remote computers. I've learned some about its behavior from watching the results.
Basically, psexec copies itself to the ADMIN$ share on the remote computer. It then installs a service on the remote computer, and runs that service, which is the copied file. This then executes the command that you specified in the psexec command line.
With that in mind, the user running psexec from the command line needs to have admin rights to the remote computer. You can bypass this requirement by using the "-u" parameter, and specifying a domainname\username. Domainname can be the remote computer's name if you have a local user. By putting in just the -u parameter, you'll then be prompted to type in the hidden password.
Once running on the remote computer, psexec will function in one of three ways:
1 - If no special parameter used, will run in the same user account as the person initiating the psexec command.
2 - If the "-u" parameter is used, it will run as that user.
3 - If the "-s" parameter is used, it will run as a local system account.
In any of these 3 cases, you first have to have admin rights to use the ADMIN$ share and install a service.
When domain membership is broken on a computer, I'll frequently use a command line like this:
psexec -u COMPUTERNAME\Administrator \\COMPUTERNAME cmd.exe
This will allow me to have local admin rights by connecting to the remote computer as the local administrator account. It will also run the cmd.exe command as the local admin account.
Aug 30, 2011
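The sequence described in the answer above (an executable copied to ADMIN$, then a service installed from that file) is what a defender can correlate in logs. The following is an added example, not part of the original post: the event records, host names, addresses and field names are constructed, and the function name is hypothetical.

```python
from datetime import datetime, timedelta
import ntpath

# Constructed sample records (not from a real host). On Windows Vista/Server 2008
# and later, share writes surface as Security event 5145 and service installs as
# System event 7045; older systems such as Server 2003 log these differently.
EVENTS = [
    {"time": "2011-08-30T10:00:01", "kind": "share_write", "share": r"\\*\ADMIN$",
     "path": "PSEXESVC.exe", "user": r"SRV01\Administrator", "src": "10.0.0.15"},
    {"time": "2011-08-30T10:00:02", "kind": "service_install", "name": "PSEXESVC",
     "image": r"%SystemRoot%\PSEXESVC.exe"},
    {"time": "2011-08-30T11:30:00", "kind": "share_write", "share": r"\\*\ADMIN$",
     "path": r"Temp\report.txt", "user": r"CORP\backup", "src": "10.0.0.20"},
    {"time": "2011-08-30T12:00:00", "kind": "service_install", "name": "Spooler2",
     "image": r"C:\Program Files\Vendor\spool.exe"},
]

def find_remote_service_drops(events, window=timedelta(seconds=60)):
    """Pair an executable written to ADMIN$ with a service installed from the
    same file shortly afterwards. Matching on the file, not on a fixed service
    name, keeps the check valid if the service is named differently."""
    hits, writes = [], []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["kind"] == "share_write" and ev["share"].upper().endswith("ADMIN$"):
            if ev["path"].lower().endswith(".exe"):
                writes.append((when, ev))
        elif ev["kind"] == "service_install":
            # ADMIN$ maps to %SystemRoot%, so compare file names only.
            image = ntpath.basename(ev["image"].strip('"')).lower()
            for wrote_at, w in writes:
                same_file = ntpath.basename(w["path"]).lower() == image
                if same_file and timedelta(0) <= when - wrote_at <= window:
                    hits.append({"service": ev["name"], "image": ev["image"],
                                 "user": w["user"], "source": w["src"]})
    return hits

if __name__ == "__main__":
    for hit in find_remote_service_drops(EVENTS):
        print(hit)
```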