Microsoft Sysinternals PSExec is an essential tool for any IT administrator. Able to remotely execute commands, install software, launch applications, and run as the system account, PSExec makes short work of common administrative tasks.
As you will find out in this article, there are many different use cases, of which we barely scratch the surface. With that in mind, let’s jump into some common PSExec commands and scenarios below!
For a complete rundown of what PSExec is capable of, check out PSExec: The Ultimate Guide.
Launching a System Account Session
The SYSTEM account for Windows has full access to Windows. Thus, being able to launch an application as the SYSTEM account is very useful. In this example, launching Regedit as the SYSTEM account allows access to the SAM registry hive. To do this, run the following command.
psexec -s -i regedit.exe
By specifying the -s switch we tell PSExec to run as the SYSTEM account and by using the -i switch we are telling PSExec to run interactively.
Please note that you will need to run psexec as an Administrator to be able to launch this command. Normal users do not have a high enough permission level.
Installing and updating software is often a never-ending process. To ease this task and avoid using the user interface on a remote system, PSExec can be leveraged to do the same. To install an MSI package located locally and named install.msi, run the following command. Be sure you have the install.msi file on the remote computer first though.
psexec.exe \\REMOTE –i –s "msiexec.exe /i install.msi" -c install.msi
Unlike the previous command, in the example above, the -c switch was used. This switch tells PSExec to copy the file to the remote system.
The ability to remotely copy and launch an executable on a remote system makes patching quick and easy too. Sometimes you don’t have the luxury of waiting on Windows Update or Group Policy, and within this you can send to one or more systems.
You can also specify multiple remote machines by comma separating them as seen below. Note that the \\ is implied for all comma-separated remote systems.
psexec.exe \\REMOTE1,REMOTE2,REMOTE3 –i –s "msiexec.exe /i install.msi" -c install.msi
An Interactive Remote Command Prompt
The currently logged-on user to the local computer may not have the rights necessary on a remote system. In this case, you can use PSExec to pass an encrypted credential to the remote system to execute any command. To run an interactive remote command prompt as a different user, run the following command.
psexec \\REMOTE cmd.exe -i -u domain.local\admin -p password
The introduction of the -u switch for the user and the -p password switch allows us to execute as a different user.
If you don’t want to have your password in use on the command line, you can omit the password, but not the -p, and PSExec will prompt you for the password before running
Normally PSExec will run with the credentials of the local user that has run the command. By using a domain account instead, you will be able to elevate to that command. If your target system uses User Account Control (UAC), you can sometimes have PSExec elevate the command you are using by adding the -h command to your command line.
Launching a Remote GUI Application
Perhaps you need to open a graphical application remotely for an end-user. PSExec allows you to do just that. Perhaps you need to open up a Notepad window on a remote computer. To do that, run the following command.
C:\> psexec \\REMOTE -i notepad.exe -d
By specifying the -d disconnect switch, PSExec will end the session once notepad is launched. This could be used to launch a diagnostic test for a user to then run or to display a help file with relevant information.
PSExec has been around a long time, and after it was acquired by Microsoft, it has continued to grow and thrive. This tool is just one of many in the SysInternals toolkit, but one of the most venerable and oft-used by IT professionals.
If you are a system administrator with many systems to monitor and maintain, PSExec offers a quick and easy way to remotely administer any system you might have.