Invoke-Command PowerShell cmdlet but PsExec still has its place.
Set-NetFirewallRule cmdlet to do it.
Invoke-Command cmdlet.
/accepteula switch as shown below.
hostname, you can simply add it after the computer name.
hostname command on the CONTOSODC1 computer, you define its UNC path followed by the command. PsExec will then connect to the remote computer securely, execute the command and return the output. In this case, the hostname command returned the hostname of the computer which is CONTOSODC1.
cmd or another console, PsExec will quickly exit the remote session and return the exit code the remote process returned.
-s switch to run any command as SYSTEM locally or remotely as you’ll learn more about later.
-s switch along with the command interpreter executable for PsExec to launch a new command session as NT AUTHORITY\SYSTEM.
REMOTECOMPUTER. You can also specify multiple computers separated by commas like below.
hostname command.
A system error has occurred: 6118.
net view /all to first find all computers in the domain. This is an outdated way to find computer information due to its dependency on NetBIOS.
@<filename.txt>, PsExec will read every line in the text file as if it were a computer name. It will then process each computer individually.
-c switch, PsExec will copy any local program to the remote computer prior to execution.
-c switch and don’t specify an executable file, PsExec will still copy the file but you’ll receive an error stating system cannot find the file specified. This happens because PsExec will always attempt to run the file you copy.
Copy-Item PowerShell cmdlet instead.
-u and optional -p switch allows you to connect to the remote computer with an alternative user account. PsExec will then encrypt both the username and password and send them to the remote computer for authentication.
-u switch, PsExec impersonates your logged-in account on the remote computer. It will not have access to any network resources.
-s switch. This switch allows PsExec (and your remotely-executed application) to run under the remote (or local) computer’s LOCAL SYSTEM account.
-s option to tell PsExec to launch a local command prompt as the LOCAL SYSTEM account.
-i. By default, PsExec does not allow the remotely-executed command to bring up any windows on the remote computer. This is helpful because if you’re executing commands remotely, you’re not going to see the screen anyway.
-i switch.
-i switch and PsExec will open up Notepad.
-d switch to disconnect when the interactive window is brought up though. By default, PsExec will wait for the process it executed to complete. If the remote process (Notepad in this case) is kept running, PsExec will never return control.
-d switch with -i will tell PsExec to not wait for the remote process to finish. Instead, it will disconnect and return control to you as soon as the remote process is executed.
^> nul ^2^&1.
^).
psexec cmd)
Enter-PSSession replacement.
exit. PsExec will stop the cmd process on the remote computer and return focus to the local computer.
exit. If you use Ctrl-C, the PsExec session will remain running on the remote computer.
/accepteula switch
/accepteula switch but you could also “stage” it in the registry.
/accepteula
!* to find all computers in the domain, you can use PowerShell instead. By using PowerShell, you can not only pick certain computers but you don’t have to use the firewall-prone net view /all behavior.
Get-AdComputer cmdlet part of the ActiveDirectory PowerShell module.
Enable-PSRemoting or the winrm.cmd batch file on remote computers, you can quickly turn on PowerShell Remoting across many computers at once.
2>&1> $null.