Running psexec on a remote Windows 7 Enterprise workstation

Question

I can't seem to get psexec commands to work on a remote Windows 7 Enterprise workstation.

I'm trying to execute the following command:

psexec.exe \\172.16.165.157 -u jc -p testing123 -c -f -i cmd.exe

But I keep getting the error:

PsExec v1.94 - Execute processes remotely
Copyright (C) 2001-2008 Mark Russinovich
Sysinternals - www.sysinternals.com

Error copying C:\WINDOWS\system32\cmd.exe to remote system:
Access is denied.

I'm trying to execute the command from a machine running Windows XP Professional.

Have to ask, is there a reason why you don't want to use WinRM/PowerShell 2.0 remoting? — amargeson, Jun 30 '10 at 20:50
This is a legacy test automation system which I've been asked to maintain, I would use PowerShell, had I the choice! — Jimmy Collins, Jul 01 '10 at 08:13

Skyhawk · Answer 1 · 2010-08-23T17:40:03.603

If you are trying to do something that could generate a UAC prompt on the remote system, you need to use this:

     -h         If the target system is Vista or higher, has the process
                run with the account's elevated token, if available.

Copying cmd.exe from the system32 directory of a WinXP machine to the system32 directory of a Win7 machine is a very poorly conceived example. Please be careful. It is unwise to treat system files with such disrespect, especially across OS versions or architectures.

When you are using psexec, please specify a full path that is not within the c:\windows\ hierarchy on the remote system.

score 1 · Answer 2 · answered Jun 30 '10 at 17:29

1

Presumably, there is a user account "jc" on the machine "172.16.165.157", with the password "testing123", and that account has "Administrator" rights there?

If the answer is "no" then this is your problem.

You don't want to copy "CMD.EXE" to the remote machine, either. It's already there. You don't need the "-c" flag on your PSEXEC command-line.

answered Jun 30 '10 at 17:29

Evan Anderson

141,881
20
196
331

sometimes I need to read these things better! – tony roth Jun 30 '10 at 17:33
Yes, an account with that name and admin rights exists on the system. I need the '-c' flag alright, I just used 'cmd.exe' as a example. I actually need to copy a number of tools to the system. It works fine on Windows XP, I just think there is some setting I haven't changed correctly on Windows 7. – Jimmy Collins Jul 01 '10 at 08:15

score 1 · Answer 3 · answered Aug 14 '10 at 14:23

1

Try -u computername\jc

answered Aug 14 '10 at 14:23

Luca Matteis

548
4
11
21

If you do not specify a domain for the username, I am pretty sure `-u jc` is implicitly `-u computername\jc`. Just sayin'. – songei2f Aug 23 '10 at 14:33
@alharaka: no it isn't the same, you get an access denied if you don't specify the computername. – Luca Matteis Aug 24 '10 at 07:10
I just did the following with v1.96: `psexec \\TESTPC -u Administrator cmd` and pulled up a command prompt. That is a local account on a remote box. Did I miss something? I mean, you have to specify the computer name once before, is that what you meant? – songei2f Aug 24 '10 at 13:48

score 1 · Accepted Answer · edited Jan 27 '17 at 21:26

1

I used the -d argument as a workaround. But that means I don’t get back the return code from the process I started remotely.

This is a workaround, but it is not ideal.

edited Jan 27 '17 at 21:26

slayernoah

1,650
2
13
19

answered Oct 23 '10 at 15:43

score 0 · Answer 5 · edited Sep 30 '12 at 05:31

0

Three things comes to my mind...

Make sure to activate admin$ share on the target
Even if you pass an admin user in the arguments with psexec you still need to run the psexec-command itself on the source as a administrator too.
On the resent psexec there is a -h switch to overcome issues reaching Vista and above machines, although I haven't tested it.

edited Sep 30 '12 at 05:31

Magellan

4,451
3
30
53

answered Aug 01 '12 at 14:58

Stefan

1
1

Running psexec on a remote Windows 7 Enterprise workstation

5 Answers5