Imagine that you are an IT system admin with a cadre of
technicians underneath you supporting hundreds of Windows systems daily. Having
to physically run down to each system individually in order to run a simple set
of commands or patch an environment is not acceptable. Being able to issue
commands to remote systems without that additional exercise is always welcomed
and appreciated.

Luckily, Mark Russinovich of
Microsoft (and formerly of Winternals)
has a neat little command line utility that effectively serves as the Windows
equivalent of ssh on Linux, except that it has a whole lot more tricks. Not
only are you able to issue commands remotely by IP address or hostname over a
corporate intranet, you can also reset user passwords, specify which CPUs or
cores should be used to operate a task, initiate remote file copies, and much
more.

PsExec

[Screenshot] I called up a command interpreter operating on another machine.

For a simple example, I set up my Windows 7 laptop on my
local network and copied down its local IP address, then I moved over to my
desktop and ran one long command which included the target machine’s IP address,
the target user’s login ID and password, a copy command to send an exe file to
the remote machine and then execute it. The command looks just like the
following:

psexec \\192.168.1.5 -u username -p password -c PsService.exe

Once I ran that command, the PsService application that I
had sitting on the desktop of my host machine was copied to the remote machine
and an instance of it ran over there. Also, because the app I copied over was
command-line based, I could see and interact with it from the host end. However,
software that uses the Windows GUI can't be manipulated directly this way, so
it's important to keep that in mind.
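The one-liner above scales to many machines with a short wrapper. The following PowerShell script is an added example, not code from the original post or from Sysinternals: it runs the same copy-and-execute command against a list of targets and records each target's exit code. It assumes psexec.exe is on the PATH, that the caller's current Windows logon already has administrative rights on every target (so no -u/-p password is placed on the command line at all), and that the host names and the C:\Tools\PsService.exe path are constructed placeholders.

```powershell
# Added example (not from the original post): fan one PsExec command out to a
# list of hosts and collect the result per host.
# Assumptions: psexec.exe is on the PATH; the caller's existing logon is an
# admin on each target, so -u/-p are deliberately omitted and no password ever
# appears on the command line or in shell history.
# Target names and the payload path below are constructed placeholders.

$Targets = @('192.168.1.5', 'ws-example-01', 'ws-example-02')
$Payload = 'C:\Tools\PsService.exe'   # local file that -c copies to each target

function Invoke-PsExecFanOut {
    param(
        [Parameter(Mandatory)][string[]]$Targets,
        [Parameter(Mandatory)][string]$Payload
    )

    foreach ($Target in $Targets) {
        # -accepteula suppresses the first-run license prompt so the loop never
        # blocks; -c copies the executable over before running it, exactly as in
        # the post's one-liner. Banner text and errors are captured for the log.
        $output = & psexec.exe "\\$Target" -accepteula -c $Payload 2>&1

        # PsExec hands back the remote process's exit code in $LASTEXITCODE.
        [pscustomobject]@{
            Target   = $Target
            ExitCode = $LASTEXITCODE
            Status   = if ($LASTEXITCODE -eq 0) { 'OK' } else { 'CHECK' }
            LastLine = ($output | Select-Object -Last 1)
        }
    }
}

Invoke-PsExecFanOut -Targets $Targets -Payload $Payload | Format-Table -AutoSize
```

A non-zero exit code is reported as CHECK rather than FAILED because PsExec relays the remote program's own exit code, and some utilities legitimately return non-zero (for example when printing usage), so the last captured output line is kept alongside it for triage.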

Another neat little feature on the docket for PsExec is the
ability to run a command remotely as the SYSTEM user. What this essentially
means is that, when SYSTEM is called, you effectively have nothing stopping you
or getting in your way from a permissions standpoint and you become a super
user. This is much akin to root access on Linux, which means that you are
playing with fire. One wrong move and you can completely toast the system you
are working on.

Something else should also be noted: user passwords are
sent as clear text over the network, much like Telnet, and can easily be
sniffed by tools like Wireshark.
If you have a properly secured Intranet, this might not be a major concern, but
if you are attempting to access a system over the broader Internet without
employing proper security precautions, such as an encrypted VPN, you risk
revealing password information to someone outside your organization.

Finally, as a pro-tip for anyone unable to connect to a
remote machine, it's important to ensure that the target has file and printer
sharing enabled. Enabling it would normally be ill-advised over a public WiFi
or other unsecured connection, but it is fine within the confines of a
company firewall, provided the firewall rule is scoped so that you aren't
granting access where you don't need to.
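Before blaming PsExec for a failed connection, it helps to verify the two things the tip above depends on: SMB (TCP port 445) reachable on the target and the administrative ADMIN$ share (exposed by File and Printer Sharing) accessible to the caller. The following PowerShell function is an added example, not code from the original post or from Sysinternals; it uses the standard Test-NetConnection and Test-Path cmdlets, and the target name is a constructed placeholder.

```powershell
# Added example (not from the original post): pre-flight check for the
# connectivity PsExec relies on. Assumes the caller's current logon is used for
# the share test; the target name is a constructed placeholder.

function Test-PsExecReadiness {
    param([Parameter(Mandatory)][string]$Target)

    # File and Printer Sharing listens on TCP 445; if this fails, PsExec cannot
    # reach the target no matter which credentials are used.
    $smb = Test-NetConnection -ComputerName $Target -Port 445 `
                              -WarningAction SilentlyContinue

    $adminShare = $false
    if ($smb.TcpTestSucceeded) {
        # PsExec copies its service binary to the ADMIN$ share, so the caller's
        # account must be able to open it. Test-Path uses the current logon.
        $adminShare = Test-Path -Path "\\$Target\ADMIN$" -ErrorAction SilentlyContinue
    }

    $verdict = if (-not $smb.TcpTestSucceeded) {
        'Port 445 closed or filtered: enable File and Printer Sharing on the target and check the firewall rule scope'
    } elseif (-not $adminShare) {
        'Port open but ADMIN$ not accessible: caller lacks admin rights on the target or admin shares are disabled'
    } else {
        'Ready for PsExec'
    }

    [pscustomobject]@{
        Target      = $Target
        Port445Open = $smb.TcpTestSucceeded
        AdminShare  = [bool]$adminShare
        Verdict     = $verdict
    }
}

Test-PsExecReadiness -Target '192.168.1.5' | Format-List
```

Running this from the same machine and account that will launch PsExec gives a direct answer to the most common failure: port 445 closed means the sharing or firewall side needs attention on the target, while an open port with an unreachable ADMIN$ points at the account's rights rather than the network.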

Bottom line

With all that said, PsExec is a must-have for IT personnel,
since it empowers you to send commands to any Windows system for remote
administration purposes. You don't even need to fire up full-fledged RDP or
other remote session connections, since PsExec will gladly get in and out for
you at a moment's notice, improving your efficiency as a tech and granting you a
powerful single command at your fingertips.