Home / server / Questions / 280482
Accepted
HighCommander4
Asked: 2011-06-15 14:10:26 +0800 CST

How to use psexec without admin privileges on target machine?

  • 772

Is it possible to use psexec to execute a command on a remote machine without having admin privileges on the remote machine?

I tried running psexec \\<machine> -u <username> -p <password>, where <username> and <password> are non-admin credentials, but I get an "access denied" error

I can remote desktop into the remote machine with the same credentials without any problems.

My local machine is running Windows 7 Enterprise 64-bit, and the remote machine is running Windows Server 2008 64-bit. I do have admin privileges on the local machine.

EDIT: To all the people who are downvoting this question: I am not trying to circumvent any sort of security measure. I can already run the process on the remote machine by remote desktop-ing into the remote machine and running it. I'm simply looking for a command-line way to do something I can already do through a GUI.

windows remote-access pstools

8 Answers

  1. Best Answer

    As found at: https://stackoverflow.com/questions/534426/psexec-help-needed

    You need to have admin rights on the target as part of psexec starts up a windows service on the target, and you need admin rights to be able to do that.

    psexec copies a psexecsvc file to the admin share and then using remote management starts up a service using that file. It opens up named pipes and uses that for further communication. When it's finished it tidies up after itself.

    Although I can't find OFFICIAL documentation that says the same thing.

    • 28

  2. Ask to be local admin on the machine.

    Edit: Or run the command as a scheduled task. Or use the -l switch in PsExec:Run process as limited user (strips the Administrators group and allows only privileges assigned to the Users group). On Windows Vista the process runs with Low Integrity. See here:http://technet.microsoft.com/en-us/sysinternals/bb897553. Sorry to say but RTFM!

    For example: To run Internet Explorer as with limited-user privileges use this command:

    psexec -l -d "c:\program files\internet explorer\iexplore.exe"

    Note that the password is transmitted in clear text to the remote system.

    • 4

  3. Nope, not in a useful way. Why would you want to do this and not be an admin?

    • 1

  4. You'd probably be better off using Powershell commands:

    • 1

  5. A solution would be to use an AutoIT script to log into your remote desktop on a schedule from your workstation. Have your "startup" folder execute your process via either a batch script or another AutoIT script (so that you can cancel if doing other work). This is not command line, but it does automate your work within the parameters that your sysadmin has given you. Hope it helps.

    • 0

  6. `const string subkey = "Software\Sysinternals\PsExec";

            if (Environment.Is64BitOperatingSystem)
        {
            // For 64 Bit PC
            RegistryKey registryKey64 = RegistryKey.OpenBaseKey(RegistryHive.CurrentUser, RegistryView.Registry64);
            RegistryKey NDPKey64 = registryKey64.OpenSubKey(subkey);
            if (NDPKey64 != null)
            {
                Registry.CurrentUser.OpenSubKey(subkey, true).SetValue("EulaAccepted", 1, RegistryValueKind.DWord);
            }
            else
            {
                RegistryKey regKey64 = registryKey64.OpenSubKey("Software", true);
                regKey64.CreateSubKey("Sysinternals\\PsExec", RegistryKeyPermissionCheck.ReadWriteSubTree);
                Registry.CurrentUser.OpenSubKey(subkey, true).SetValue("EulaAccepted", 1, RegistryValueKind.DWord);
            }
        }
        else
        {
            //For 32 bit PC
            RegistryKey registryKey32 = Registry.CurrentUser.OpenSubKey(subkey);
            if (registryKey32 != null)
            {
                Registry.CurrentUser.OpenSubKey(subkey, true).SetValue("EulaAccepted", 1, RegistryValueKind.DWord);
            }
            else
            {
                RegistryKey regKey32 = Registry.CurrentUser.OpenSubKey("Software", true);
                regKey32.CreateSubKey("Sysinternals\\PsExec", RegistryKeyPermissionCheck.ReadWriteSubTree);
                Registry.CurrentUser.OpenSubKey(subkey, true).SetValue("EulaAccepted", 1, RegistryValueKind.DWord);
            }
        }`
    • -1

  7. Why does someone not just say that it is not possible? I need to do something similar (Remote Exec a SAS Program), which I do have access to do if I RDP into that server (i.e. I have logon access to the server. I have file system access to the source code folder and I have access to run SAS).

    No sysadmin is his/her right mind is going to grant me full admin rights on that box just to exec remotely. Basically PSTools is a sysadmin tool not designed to be used for the deployment of actual IT system solutions.

    • -1

  8. There is probably a way to do this. It's probably as simple as editing WMI permissions on the machine. If it's not possible, then using something like WinRM would definitely work.

    All of that is moot for you though. You don't have admin access to the machine at all. Therefore, you cannot make any of the changes necessary to get this going. You need to work this out with your sysadmin instead of asking us to help you go around him. Remember one thing very clearly, most of us here are sysadmins and we do not like users trying to go around us. That doesn't make us very likely to help you try to go around your sysadmins.

    • -2