Execute exe on remote machine

Question

I'm trying to execute notepad.exe on a remote machine, but it's not working now. What am I missing?

var ui = new ImpersonateUser();
    //the process to restart
    const string processName = "notepad.exe";
    var serverName = "serverName";

    try
    {
        //Use adbadmin for access
        ui.Impersonate(_domain, _userName, _pass);

        //Start the process
        ProcessStartInfo info = new ProcessStartInfo("C:\\PsTools");
        info.FileName = @"C:\PsTools\psexec.exe";
        info.Arguments = @"""\\" + serverName + @"C:\WINDOWS\notepad.exe""";
        info.RedirectStandardOutput = true;
        info.UseShellExecute = false;
        Process p = Process.Start(info);

        lblStatusResponse.Text = "Service " + processName + " was restarted correctly.";
    }
    catch (Exception ex)
    {
        lblStatusResponse.Text = ex.ToString();
    }
    finally
    {
        ui.Undo();
    }

This gives me no exception, but I'm surely missing something...

no, just here: `info.Arguments = @"""\\" + serverName + @" C:\WINDOWS\notepad.exe""";` — Eren Ersönmez, Sep 11 '14 at 08:16

score 6 · Accepted Answer · answered Sep 11 '14 at 09:53

The answer was a combination from your replies. But the whole correct solution was:

        ProcessStartInfo info = new ProcessStartInfo("C:\\PsTools");
        info.FileName = @"C:\PsTools\psexec.exe";
        info.Arguments = @"\\" + serverName + @" -i C:\WINDOWS\notepad.exe";
        info.RedirectStandardOutput = true;
        info.UseShellExecute = false;
        Process p = Process.Start(info);

score 4 · Answer 2 · answered Sep 11 '14 at 08:30

4

Running an interactive program such as notepad.exe doesn't always open a visible window on the target PC. Try opening Task Manager on the target PC while you run the code and see if notepad.exe appears in the list of running processes.

I'd suggest trying to run psexec from the command line first before attempting to call it via code.

psexec \\serverName "notepad.exe"

You may also want to use the "interactive" flag so it can interact with the desktop on the target.

psexec \\serverName "notepad.exe" -i

answered Sep 11 '14 at 08:30

Peter Evans

74
1

It didn't start the process either, I checked – MrProgram Sep 11 '14 at 08:32
Do you receive an error when running on the cmd line? Are both the source and target PC's connected to the same domain? If so, does the account that is running the psexec command have permissions on the target PC? Try adding the account to the local admin group on the target workstation. – Peter Evans Sep 11 '14 at 08:37
Another test you can try is to attempt to map a network drive from the source PC to the target PC. Try running the following from the command line. net use \\serverName\c$ – Peter Evans Sep 11 '14 at 08:42
No errors. Hmm...The domain is the same. The permissions are correct as well – MrProgram Sep 11 '14 at 08:59
Try checking whether ports 135 and 445 are open on the target servers firewall. – Peter Evans Sep 11 '14 at 09:36
There are no port problems =/ – MrProgram Sep 11 '14 at 09:48

Lorenzo Dematté · Answer 3 · 2014-09-11T08:22:16.627

2

Your UNC path does not look good.

After the string concatenation, it will look something like

  "\\serverNameC:\WINDOWS\notepad.exe"

Try to print it out. See documentation about UNC on MSDN, and some examples here (or google about UNC Path)

If you have only the default shares, it should be something like

  "\\serverName\C$\WINDOWS\notepad.exe"

OR psexec let you use a different notation, but you have to be careful with double quotes there

  psexec \\serverName"c:\WINDOWS\notepad.exe"

Also, ensure that the "Server" service is running on the target machine.

PsExec starts an executable on a remote system and controls the input and output streams of the executable's process so that you can interact with the executable from the local system. PsExec does so by extracting from its executable image an embedded Windows service named Psexesvc and copying it to the Admin$ share of the remote system. PsExec then uses the Windows Service Control Manager API, which has a remote interface, to start the Psexesvc service on the remote system.

The Admin$ share is created and managed by the "Server" service, so you need it running for psexec to work (http://windowsitpro.com/systems-management/psexec).

edited Sep 11 '14 at 08:22

answered Sep 11 '14 at 08:17

Lorenzo Dematté

7,638
3
37
77

Now when you mention it, I will try the C$ – MrProgram Sep 11 '14 at 08:26
You should also try using it at the command line, first. Then when it works, embed it in your C# program. It's easier that way... – Lorenzo Dematté Sep 11 '14 at 08:27
Hmm ok..Psexec is on the server so that shouldn't be a problem. But the commandline am I not sure of – MrProgram Sep 11 '14 at 08:32
psexec runs on your machine. It "pulls out" a service (embedded in its own resources), copies it to the server or "target" machine, and starts it. The copy happens using the Admin$ share; that's why "Server" needs to be started (automatically or manually) – Lorenzo Dematté Sep 11 '14 at 08:34
Not really sure what you talk about when you say "server". Reading documentation it says you don't need to install any software on the remote machine..? – MrProgram Sep 11 '14 at 08:54
I've tried @"\\" + serverName + @"C:\WINDOWS\notepad.exe"; and @"\\" + serverName + @"C$\WINDOWS\notepad.exe";. Nothing works – MrProgram Sep 11 '14 at 08:54
1

I've got it working now. With @"\\" + serverName + @" -i C:\WINDOWS\notepad.exe"; – MrProgram Sep 11 '14 at 09:52

score 0 · Answer 4 · answered Mar 30 '18 at 13:31

Just to extend current version of answer. There could be a problem of execution psexec due to OS policy, to enable remote control you need to modify registry:

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f

You can check this: Remote UAC LocalAccountTokenFilterPolicy

Execute exe on remote machine

4 Answers4

Linked

Related