PSEXEC - Access Is Denied


I am hoping someone can give me some clarity regarding an issue i am having. I think i know the answer but just wanted to put it out there, to see whether if anyone is able to advise otherwise.

We are using PSEXEC with an account that does not have Administrative rights to the destination server. When typing the following command i receive: psexec -s \\servername cmd

       Couldn't access servername:
       Access is denied.

Once connected to the remote host i want all the commands to run using the local system account, as specified with the "-s" switch.

Am i right in thinking that the initial conection to the servers uses the credentials of the user initiating the connection, but once successfully connected to the server any subseqent commands are then run using the local system account?

Is there anyone to have PSEXEC successfully connect to a remote host with a user that is not an administrator on the server?
LVL 10
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Every time I have used PSEXEC,  it has been because really wanted to use the system account in particular for a troubleshooting reason,  or I wanted to perform an operation enterprise wide that required admin rights.

I would need to be in my VM's to test,  but I'm going to say I think you probably need admin rights on the box for it to work right.
kevin_uk05Author Commented:
Thanks for your response. If you managed and have the time to double check i would be much appreciated.

I did some google-fu and found several links that all talk about using admin credentials.

Perhaps there is a user right that can be modified in a security policy to allow it to function.
Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

Assume you know how to parse the credentials inn the string, so it does NOT use the logged in user's credentials??

psexec -u domain\username -p password app.exe
Could you specify what you are trying to accomplish and we can see what needs to be modded for it better?
psexec in fact does run as the user running the command window that initiated the command.  I use this command almost daily to run either command shells, batch or vbscripts, etc on remote computers.  I've learned some about its behavior from watching the results.

Basically, psexec copies itself to the ADMIN$ share on the remote computer.  It then installs a service on the remote computer, and runs that service, which is the copied file.  This then executes the command that you specified in the psexec command line.

So, with that in mind, the user running psexec from the command line needs to have admin rights to the remote computer.  You can bypass this requirement by using the "-u" parameter, and specifying a domainname\username.  Domainname can be the remote computer's name if you have a local user.  By putting in just the -u parameter, you'll then be prompted to type in the hidden password.

Once running on the remote computer, psexec will function in one of three ways:
1 - If no special parameter used, will run in the same user account as the person initiating the psexec command.
2 - If the "-u" parameter is used, it will run as that user.
3 - If the "-s" parameter is used, it will run as a local system account
In either of these 3 cases, you first have to have admin rights to use the ADMIN$ share and install a service.

When domain membership is broken on a computer, I'll frequently use a command line like this:
psexec -u COMPUTERNAME\Administrator \\COMPUTERNAME cmd.exe

This will allow me to have local admin rights by connecting to the remote computer as the local administrator account.  It will also run the cmd.exe command as the local admin account.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
How were you able to get the command to run properly?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
System Utilities

From novice to tech pro — start learning today.