PsExec effectively serves as the Windows equivalent of ssh on Linux, except that it has a whole lot more tricks.
Imagine that you are an IT system admin with a cadre of technicians underneath you supporting hundreds of Windows systems daily. Having to physically run down to each system individually in order to run a simple set of commands or patch an environment is not acceptable. Being able to issue commands to remote systems without that additional exercise is always welcomed and appreciated.
Luckily, Mark Russinovich of Microsoft (and formerly of Winternals) has a neat little command line utility that effectively serves as the Windows equivalent of ssh on Linux, except that it has a whole lot more tricks. Not only are you able to issue commands remotely by IP address or hostname over a corporate intranet, you can also copy a program to the target before running it (-c), pin the remote process to particular CPUs or cores (-a), run it as SYSTEM (-s) or interactively on the remote desktop (-i), and much more. The rest of the PsTools package fills in the gaps PsExec itself does not cover, for example PsPasswd for resetting user passwords and PsService for managing services.
- Title: PsExec (part of the PsTools package)
- Author: Mark Russinovich
- Supported operating systems: Windows XP, Vista, 7, 8 (including Windows Server)
- Price: Freeware
I called up a command interpreter operating on another machine.
For a simple example, I set up my Windows 7 laptop on my local network and noted its local IP address, then I moved over to my desktop and ran one long command which included the target machine's IP address, the target user's login ID and password, and a copy switch to send an exe file to the remote machine and then execute it there. The command looks just like the following:
psexec \\192.168.1.5 -u username -p password -c PsService.exe
Once I ran that command, the PsService application that I had sitting on the desktop of my host machine was copied to the remote machine's ADMIN$ share (the -c switch does this) and run there. Also, because the app I copied over was command-line based, its standard input and output were redirected back to my console, so I could see and interact with it from the host end. Software which uses the Windows GUI is a different story: with the -i switch it will run on the remote desktop, but its windows appear there, not on your screen, so keep that in mind.
Another neat little feature on the docket for PsExec is the ability to run a command remotely as the SYSTEM user with the -s switch. What this essentially means is that the remote process runs as the LocalSystem account, so you effectively have nothing stopping you or getting in your way from a permissions standpoint and you become a super user. This is much akin to root access on Linux, which means that you are playing with fire. One wrong move and you can completely toast the system you are working on.
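The remote-copy and run-as-SYSTEM switches described above, put together into the fleet scenario from the opening of the article. This is an added example, not code from the original article or from the PsTools package; it assumes psexec.exe is on your PATH, that the host names are hypothetical machines on your own network, and that the account you are logged on with is a local administrator on each of them (PsExec uses the caller's own credentials when -u and -p are omitted, so no password lands on the command line):

```powershell
# Added example: run one command on many hosts with PsExec and collect the result per host.
# Assumes psexec.exe is on PATH. Host names are hypothetical.
$targets = @('ws-001', 'ws-002', '192.168.1.5')

$results = foreach ($t in $targets) {
    # -accepteula : suppress the first-run licence prompt so the script never hangs on it
    # -nobanner   : drop the Sysinternals banner from the captured output
    # -n 10       : give up after 10 seconds if the host does not answer
    # -s          : run as SYSTEM on the target, so "whoami" should report nt authority\system
    # No -u/-p    : authenticate as the currently logged-on (domain) user
    $output = & psexec.exe "\\$t" -accepteula -nobanner -n 10 -s cmd /c whoami 2>&1

    # PsExec exits with the remote process's exit code (or its own error code if it could not
    # connect), so $LASTEXITCODE tells you per host whether the command actually ran.
    [pscustomobject]@{
        Target   = $t
        ExitCode = $LASTEXITCODE
        Output   = ($output | Out-String).Trim()
    }
}

$results | Format-Table -AutoSize

# Hosts that did not run the command, for a second pass or a ticket:
$results | Where-Object ExitCode -ne 0 | Select-Object Target, ExitCode
```

Swap `cmd /c whoami` for the real maintenance command; adding `-c .\Tool.exe` in front of the arguments copies a local executable across first, exactly as the single-host command earlier in the article does. If you must use a different account, prefer `-u DOMAIN\user` without `-p`, which makes PsExec prompt for a hidden password rather than leaving it visible in the local process list.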
Something else that should also be noted: in older versions of PsExec (before version 2.1, released in 2014) the user name and password supplied with -u and -p were sent to the remote service in clear text, much like Telnet, and could easily be sniffed by tools like Wireshark. Version 2.1 and later encrypt the traffic between PsExec and the remote system, so make sure you are running a current copy. Either way, a password given on the command line with -p is visible to anyone who can list processes on your own machine; omit -p and PsExec will prompt for it. If you have a properly secured Intranet, the network side of this might not be a major concern, but if you are attempting to access a system over the broader Internet without employing proper security precautions, such as an encrypted VPN, you risk revealing password information to someone outside your organization. Be aware, too, that the very same mechanism (copying PSEXESVC.exe to the target and installing it as a service) is a favourite of attackers for moving between machines, so a well-run security team will be alerting on PSEXESVC service installations; tell them before you roll this out across the fleet.
Finally, as a pro-tip for anyone unable to connect to a remote machine, it's important to ensure that the target has file and printer sharing enabled. PsExec needs to reach the SMB service (TCP port 445) and write to the hidden ADMIN$ share, and the account you use must be a local administrator on the target; if you are using a local (non-domain) account on Vista or later, UAC's remote restrictions will also block it unless the LocalAccountTokenFilterPolicy registry value is set. Although opening file and printer sharing would normally be ill-advised over a public WiFi or other unsecured connection, this should be fine within the confines of a company firewall, as long as you aren't granting unnecessary access where you don't need to.
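Two checks that go with the last two points, as an added example that is not part of the original article or the PsTools package: the first confirms a target has what PsExec needs (TCP 445 reachable and the ADMIN$ share accessible to you), the second scans System-log "service installed" events (Event ID 7045) for the PSEXESVC service that every PsExec session leaves behind on the target. Test-NetConnection is assumed to be available (Windows 8 / Server 2012 and later), the host name is hypothetical, and the sample events are constructed here, not real log data:

```powershell
# Added example: PsExec prerequisite check and PSEXESVC detection. Not from the original article.

function Test-PsExecReady {
    param([Parameter(Mandatory)][string]$ComputerName)

    # "File and printer sharing" in practice means SMB on TCP 445 ...
    $smb = Test-NetConnection -ComputerName $ComputerName -Port 445 -WarningAction SilentlyContinue

    # ... plus the ADMIN$ share (%SystemRoot%), which is where PsExec drops PSEXESVC.exe.
    # Test-Path fails here if you are not an administrator on the target or if UAC remote
    # restrictions strip the admin token from a local account.
    $adminShare = $false
    if ($smb.TcpTestSucceeded) {
        $adminShare = Test-Path "\\$ComputerName\ADMIN$"
    }

    [pscustomobject]@{
        ComputerName = $ComputerName
        Port445Open  = [bool]$smb.TcpTestSucceeded
        AdminShare   = $adminShare
        Ready        = ([bool]$smb.TcpTestSucceeded -and $adminShare)
    }
}

function Find-PsExecService {
    param(
        # Objects with TimeCreated, Id and Message, e.g. from Get-WinEvent.
        # Defaults to the live System log of the machine the function runs on.
        [object[]]$Events = (Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045 } `
                                -ErrorAction SilentlyContinue)
    )
    foreach ($e in $Events) {
        if ($e.Id -ne 7045) { continue }

        # 7045 = "A service was installed in the system." Pull the name and image path.
        $name = ''; $path = ''
        if ($e.Message -match 'Service Name:\s*(?<name>\S+)')            { $name = $Matches.name }
        if ($e.Message -match 'Service File Name:\s*(?<path>[^\r\n]+)')  { $path = $Matches.path.Trim() }

        # PsExec's service is PSEXESVC by default. The -r switch renames it, so also match on
        # the image path rather than the name alone.
        if ($name -like 'PSEXESVC*' -or $path -match 'PSEXESVC') {
            [pscustomobject]@{
                TimeCreated = $e.TimeCreated
                ServiceName = $name
                ImagePath   = $path
            }
        }
    }
}

# Constructed sample events (not real log data) so the detection can be tried offline.
$sample = @(
    [pscustomobject]@{ TimeCreated = Get-Date '2023-03-01 09:15'; Id = 7045
        Message = "A service was installed in the system.`r`n`r`nService Name:  PSEXESVC`r`n" +
                  "Service File Name:  %SystemRoot%\PSEXESVC.exe`r`nService Type:  user mode service`r`n" +
                  "Service Start Type:  demand start`r`nService Account:  LocalSystem" }
    [pscustomobject]@{ TimeCreated = Get-Date '2023-03-01 09:20'; Id = 7045
        Message = "A service was installed in the system.`r`n`r`nService Name:  Spooler`r`n" +
                  "Service File Name:  C:\Windows\System32\spoolsv.exe`r`nService Type:  user mode service`r`n" +
                  "Service Start Type:  auto start`r`nService Account:  LocalSystem" }
)

Find-PsExecService -Events $sample          # reports only the PSEXESVC entry
Test-PsExecReady  -ComputerName 'ws-001'    # hypothetical host; shows whether PsExec can get in
```

Run `Find-PsExecService` with no arguments on a target to see the trail your own sessions leave; it is the same trail a defender sees when an attacker uses PsExec, which is why agreeing on a service name with `-r`, or at least announcing your maintenance window, keeps the SOC from chasing your patch run.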
With all that said, PsExec is a must-have for IT personnel, since it empowers you to send commands to any Windows system you administer for remote administration purposes. You don't even need to fire up a full-fledged RDP or other remote session connection, since PsExec will gladly get in and out for you at a moment's notice, improving your efficiency as a tech and granting you a powerful single command at your fingertips.