Was a sysadmin for years before I became familiar with PSExec.exe and boy it is such a game changer. Everyone in IT should be familiar with how to use it. Be careful however, always remember the more powerful the tool, the more respect you need to give it. Think carefully before you hit that big enter key.
Been watching your videos for years. Thank you for going in depth with this tool as I use it but now have a better understanding of it and learned so many new things it can do. I Appreciate all the great content 👌
great tutorial thank you so much. one question do we need to do a configuration on the remote computer in order to work? like installing psexec or something else. in addition to probably have the print sharing port enable
hello there great video very interesting theme . I wonder if we must use always Admnistrator system user or we can work with a local admin account too.????
why would you use Psexec rather than Powershell? AFAIK powershell is more secured and uses really well windows API (powershell was created by microsoft). Its also native in all kind of windows. And if you want to connect to a remote machine (Enter-PSsesion can do it) and Invoke-command can run scripts to many systems parallely I just want to understand why psexec?
Efrain, you are correct PowerShell is the tool for Enterprise! The video was simply explaining how to use it and how it works. It still can be a useful tool for many. Cheers!
Beautiful video and insight of psexec thank you Does the concept of the sessions apply also to Linux/Unix systems? Do they have 3 session total too in the same way? Thank you
it isnt necessarily 3 sessions, esch user who logs in will have another session created for them. for example: session 0 is created on boot and when the normal user logs in, session 1 is created for thet user. when someone connects with RDC, session 2 is created for it. lets say a second user logs into the computer (e.g. a family member), they would get session 3
So for example with the VLC install if you did not specify a silent install would you have seen the VLC installer appear on your local machine where you scroll through the licence agreement and hit next several times to install it on the remote machine? Or is that type of remote install only capable over a GUI like remote desktop, teamviewer etc?
Ross, this a console tool so no GUI that is why we want a silent install. If you using RDC or Teamviewer then you are thinking correctly but then must select the proper "session" if you want to interact with the install. Great questions!
@@TechsavvyProductions so what would have happened if you didn't select "silent" and just ran the installer while still being within the "session 0" mode? Would the user have seen a GUI installer pop up & would you would have been presented with installation options like agreeing to the EULA, choosing the installation directory etc via your shell prompt?
Keep in mind Session 0 is where protected processes and services are run and the logged on user can not interact with them. You must select a session that the user can view {logged on with keyboard Session 1} {RDC or virtual machine Session 2}
thanks a lot for your video. I have an issue. I created a user say user1.I made this user1 a member of an administrator in the remote machine. when i try to execute psexec using user1,i get "access denied".On the local machine,it is working but does not work on the remote machine.i have made use of the Administrator built in account but no luck
Step 1: Check UAC (User Account Control) on the Remote Machine Disable UAC Remote Restrictions: Even though the user is part of the administrators group, UAC can still restrict remote access for administrative tasks. Modify the following registry key on the remote machine: Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Find or create a DWORD named LocalAccountTokenFilterPolicy Set the value to 1 to disable UAC remote restrictions. Step 2: Verify User1's Administrative Rights Double-check user1’s rights: Ensure that user1 is correctly added to the administrators group on the remote machine. Sometimes changes in user permissions do not take effect until the user logs off and back on. You can do this by running net localgroup administrators on the remote machine to confirm. Step 3: Enable Remote UAC Filter Bypass Ensure that user1 has the necessary remote rights to execute commands. Try running gpedit.msc on the remote machine and checking the following: Under Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment, make sure that user1 has the “Allow log on locally” and “Log on as a batch job” rights. Step 4: Check for Network Policies or Firewalls Ensure the firewall is not blocking: Confirm that psexec is not being blocked by a firewall on the remote machine. You may need to open ports such as 445 (SMB) for remote execution. Step 5: Use Correct psexec Syntax Ensure you are running the correct syntax for psexec. Use the following format: psexec.exe \ emote-machine -u user1 -p password cmd Make sure the username and password for user1 are entered correctly. Step 6: SMB and Administrative Share Access Confirm that administrative shares (like C$) are accessible for user1. You can test this by manually accessing the share: Open \ emote-machine\C$ from the local machine. If access is denied here, the issue may be related to SMB permissions. Step 7: Ensure the Remote Machine's Built-in Admin Account is Enabled Even if user1 is an administrator, some systems have restrictions on non-built-in admin accounts. Try enabling and using the built-in Administrator account on the remote machine: net user administrator /active:yes Step 8: Use Elevated Command Prompt Make sure that when you are launching psexec, you are using an elevated command prompt (right-click cmd and "Run as Administrator") on your local machine.
@@TechsavvyProductions.I have made success using the user1. Thanks so much for your swift response. I have attempted all the steps. I performed other steps like enabling windows remote management (it was disabled before ).I also added the user as a log on for a service. I will document the above steps to be used for another pc . Thank you so much
Hey somehow I have a weird error: When running 'psexec \\IP-Address -siu Administrator cmd' I get the cmd on my machine, but when I want the cmd to pop up on the remote machine, I run the same command you did in the video so 'psexec \\IP-Address -s -i 2 -u Administrator cmd' i get 'access denied - psexec could not start cmd on 'IP-Address'' do you have an idea what this is about and how to solve this?
IS there any workaround to getting PSEXEC to be able to speak with workstations that have had their Admin$ share disabled? I'm hitting in impasse with this at work.
@@TechsavvyProductions I've been in IT since the 90's. So many people fail to grasp how for many people the help file just showing switches doesn't actually translate into use. The smart folks will just 'get it' but many ordinary folk are left head scratching. In this video, you covered usage, but went quite deep into the actual examples of usage. If I could change one thing over the last 30 years, I'd have got people making the man pages and the destructions, and their /help and their command outlines have the switches, but also show some example usage lines of the switches. This is what you did here. You created a tour de force video on PSEXEC. Thank you :)
What you just shared is very true. Developers cut their teeth on command-line principles and early in their career get a good dose of syntax, but the IT professional is dropped off at the pool and left to swim or die. Syntax varies by who writes the code and often leaves everyone pulling hair. The video is addressing people like you and I who often need help in really understanding how it works and how to use parameters correctly. Thanks for the comment.
systeminfo.exe is a great CLI tool that will pull system information back to your workstation via psexec.exe docs.microsoft.com/en-us/windows-server/administration/windows-commands/systeminfo
This tool will loose its power fast in serious IT as the whole remote part and how it works is more seen as a security problem than a usefull tool. So the way it connects to remote machines is blocked in business environments more and more. For me it is a little bit of a guess if i can use this at customer sites or not. Most of the time the bigger the customer the less chance that it still works.
Great comment, Remote PowerShell is awesome and is the go to automation CLI for admins. Psexec.exe is just another great tool and once understood can really be a quick solution to many problems. Psexec.exe though is not a security risk, without compromised credentials it is useless. Thanks for taking the time to comment.
Good point, there are a ton of tools built in but Mark shares in this video done recently why he opted to keep this group of tools outside the Windows build cadence. ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-tR22u6H8E5w.html
lets be honest, 99% of ppl just play around with psexec instead of actually using it for administration. on my school pc i accidentally elevated my privileges to NT AUTHORITY\SYSTEM and i had created a fake error with VBS. so i ran psexec64.exe \\* -i -s -d C:\users\1849245\desktop\error.vbs (that command executed my fake error on every school computer in the school) the teacher ended up calling IT 💀
yeah. this is an essential tool in the IT business, but also there are ppl who want to have fun with it as well. it just depends on what type of person you are and what sort of job you have. you have to be careful with the tool tho because if it falls into the wrong hands, (e.g. a hacker) that could be a serious issue