
Review: PsExec is a Windows power user's best friend

PsExec effectively serves as the Windows equivalent of ssh on Linux, except that it has a whole lot more tricks.

Imagine that you are an IT system admin with a cadre of technicians underneath you supporting hundreds of Windows systems daily. Having to physically run down to each system individually in order to run a simple set of commands or patch an environment is not acceptable. Being able to issue commands to remote systems without that additional exercise is always welcomed and appreciated.

Luckily, Mark Russinovich of Microsoft (and formerly of Winternals) has a neat little command line utility that effectively serves as the Windows equivalent of ssh on Linux, except that it has a whole lot more tricks. Not only are you able to issue commands remotely by IP address or hostname over a corporate intranet, you can also reset user passwords, specify which CPUs or cores should be used to operate a task, initiate remote file copies, and much more.

[Figure psexec1.png] I called up a command interpreter operating on another machine.

For a simple example, I set up my Windows 7 laptop on my local network and copied down its local IP address, then I moved over to my desktop and ran one long command which included the target machine's IP address, the target user's login ID and password, a copy command to send an exe file to the remote machine and then execute it. The command looks just like the following:

psexec \\192.168.1.5 -u username -p password -c PsService.exe

Once I ran that command, PsExec copied the PsService application that was sitting on the desktop of my host machine over to the remote machine and ran an instance of it there. Also, because the app I copied over was command-line based, I could see and interact with it from the host end. However, software that uses the Windows GUI can't be manipulated directly this way, so it's important to keep that in mind.

Another neat little feature on the docket for PsExec is the ability to run a command remotely as the SYSTEM user. What this essentially means is that, when SYSTEM is called, you effectively have nothing stopping you or getting in your way from a permissions standpoint and you become a super user. This is much akin to root access on Linux, which means that you are playing with fire. One wrong move and you can completely toast the system you are working on.

Something else that should also be noted: user passwords are sent as clear text over the network, much like Telnet, and can easily be sniffed by tools like Wireshark. If you have a properly secured intranet, this might not be a major concern, but if you are attempting to access a system over the broader Internet without proper security precautions, such as an encrypted VPN, you risk revealing password information to someone outside your organization.

Finally, a pro-tip for anyone unable to connect to a remote machine: make sure the target has file and printer sharing enabled. Although enabling it would normally be ill-advised on public WiFi or another unsecured connection, it should be fine within the confines of a company firewall, as long as you aren't granting access where it isn't needed.
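The following PowerShell wrapper is an added example and is not code from the article or from Sysinternals. It reproduces the copy-and-run command shown above (the `-u`, `-c` and `-s` switches are real PsExec options) while handling the three points just discussed: it checks the SMB prerequisite behind the file-and-printer-sharing tip before calling psexec, it omits `-p` so that PsExec prompts for the password with hidden input instead of leaving it in shell history and the local process command line, and it makes running as SYSTEM an explicit opt-in that is logged. The function name `Invoke-PsExecCopyRun` is made up here; the example assumes psexec.exe is on PATH and that `Test-NetConnection` is available (Windows 8 / Server 2012 or later). Note that this does not change what goes over the network, so the VPN advice above still applies.

```powershell
# Added example, not from the article or from Sysinternals. Wraps the psexec
# command shown above so that the password is never typed on the command line,
# the SMB prerequisite from the pro-tip is checked first, and running as
# SYSTEM is an explicit opt-in. Assumes psexec.exe is on PATH and that
# Test-NetConnection is available (Windows 8 / Server 2012 or later).
function Invoke-PsExecCopyRun {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $ComputerName,   # IP address or hostname
        [Parameter(Mandatory)] [string] $UserName,       # account on the target
        [Parameter(Mandatory)] [string] $ProgramPath,    # local exe to copy with -c
        [switch] $AsSystem                               # adds PsExec's -s switch
    )

    if (-not (Test-Path -LiteralPath $ProgramPath)) {
        throw "Program not found: $ProgramPath"
    }

    # PsExec copies the program through the ADMIN$ share and installs its
    # service over SMB, so TCP 445 on the target must be reachable. This is
    # what "file and printer sharing enabled" provides; a closed firewall
    # port is the usual reason psexec cannot connect.
    $smbOpen = Test-NetConnection -ComputerName $ComputerName -Port 445 -InformationLevel Quiet
    if (-not $smbOpen) {
        throw "TCP 445 on $ComputerName is not reachable; check file and printer sharing and the firewall."
    }

    # Options go before the program name. -u without -p makes psexec prompt
    # for the password with hidden input, so it does not land in shell
    # history or in the local psexec process's command line.
    $options = @("\\$ComputerName", '-accepteula', '-u', $UserName)
    if ($AsSystem) {
        Write-Warning "Remote process will run as SYSTEM on $ComputerName"
        $options += '-s'
    }
    $psexecArgs = $options + @('-c', $ProgramPath)

    # -WhatIf prints the command line without running anything.
    if ($PSCmdlet.ShouldProcess($ComputerName, "psexec $($psexecArgs -join ' ')")) {
        & psexec.exe @psexecArgs
        return $LASTEXITCODE   # psexec returns the remote process's exit code
    }
}

# Usage with constructed values, mirroring the article's copy-and-run of PsService.exe:
# Invoke-PsExecCopyRun -ComputerName 192.168.1.5 -UserName username -ProgramPath .\PsService.exe
# Invoke-PsExecCopyRun -ComputerName 192.168.1.5 -UserName username -ProgramPath .\PsService.exe -AsSystem -WhatIf
```

Running the second usage line with `-WhatIf` is a cheap way to confirm the argument order and the `-s` switch before anything executes on the target; the pre-flight port check still runs, so a closed TCP 445 is reported before the command is shown.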

Bottom line

With all that said, PsExec is a must-have for IT personnel, since it empowers you to send commands to any Windows system for remote administration purposes. You don't even need to fire up a full-fledged RDP or other remote session connection, since PsExec will gladly get in and out for you at a moment's notice, improving your efficiency as a tech and granting you a powerful single command at your fingertips.


About

An avid technology writer and an IT guru, Matthew is here to help bring the best in software, hardware and the web to the collective consciousness of TechRepublic's readership. In addition to writing for TechRepublic, Matthew currently works as a Cus...

8 comments
garegin

A few clarifications.

You can run SSH on Windows (i.e. PuTTY).

Windows has its own remote management system called WinRM and its shell WinRS. It is the equivalent of SSH but is more clever than passing text-based commands around. It works at the API level and can collect data through WMI.

http://en.wikipedia.org/wiki/WS-Management

grayknight

The PsTools are one of the first things I get copied onto a new computer. Being able to tell who is logged onto a computer/server, seeing what processes are running remotely, what is installed remotely, etc. are all great features, and then psexec remotely executes whatever isn't covered in the other PsTools.

jeyltd

Thanks Matthew for sharing your expertise!

yawningdogge

It's a neat tool, but I think it's a stretch to call it an SSH equivalent.

xp-client

All SysInternals tools are amazing. The only question is that since MS has acquired them, will they ruin some of them, kill them or "simplify" them? MS can't be trusted. Does Mark R retain full control over them, or will MS people try to interfere and strip features to try to dumb them down from their powerfulness?

Matt Nawrocki

@yawningdogge Perhaps SSH might have been a stretch, since SSH technically works differently. I mean mostly from the perspective of pushing commands to remote machines, in which case, PsExec is fairly similar.

grayknight

@xp-client They haven't messed them up yet, and they've been owned for quite some time. Microsoft acquired them because they are such great tools. Microsoft is not anti-IT/sys admins. Other companies *cough* Google *cough* will acquire great tools and remove them from the market entirely.
