PSEXEC - Access Is Denied

Posted on 2008-02-03
Medium Priority
Last Modified: 2012-05-05

I am hoping someone can give me some clarity regarding an issue i am having. I think i know the answer but just wanted to put it out there, to see whether if anyone is able to advise otherwise.

We are using PSEXEC with an account that does not have Administrative rights to the destination server. When typing the following command i receive: psexec -s \\servername cmd

       Couldn't access servername:
       Access is denied.

Once connected to the remote host i want all the commands to run using the local system account, as specified with the "-s" switch.

Am i right in thinking that the initial conection to the servers uses the credentials of the user initiating the connection, but once successfully connected to the server any subseqent commands are then run using the local system account?

Is there anyone to have PSEXEC successfully connect to a remote host with a user that is not an administrator on the server?
Question by:kevin_uk05
LVL 11

Expert Comment

ID: 20808764
Every time I have used PSEXEC,  it has been because really wanted to use the system account in particular for a troubleshooting reason,  or I wanted to perform an operation enterprise wide that required admin rights.

I would need to be in my VM's to test,  but I'm going to say I think you probably need admin rights on the box for it to work right.
LVL 10

Author Comment

ID: 20808792
Thanks for your response. If you managed and have the time to double check i would be much appreciated.

LVL 11

Expert Comment

ID: 20808817
I did some google-fu and found several links that all talk about using admin credentials.


Perhaps there is a user right that can be modified in a security policy to allow it to function.
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

LVL 66

Expert Comment

ID: 20809481
Assume you know how to parse the credentials inn the string, so it does NOT use the logged in user's credentials??

psexec -u domain\username -p password app.exe
LVL 66

Expert Comment

ID: 20809484
Could you specify what you are trying to accomplish and we can see what needs to be modded for it better?

Accepted Solution

franked_it earned 1000 total points
ID: 20811121
psexec in fact does run as the user running the command window that initiated the command.  I use this command almost daily to run either command shells, batch or vbscripts, etc on remote computers.  I've learned some about its behavior from watching the results.

Basically, psexec copies itself to the ADMIN$ share on the remote computer.  It then installs a service on the remote computer, and runs that service, which is the copied file.  This then executes the command that you specified in the psexec command line.

So, with that in mind, the user running psexec from the command line needs to have admin rights to the remote computer.  You can bypass this requirement by using the "-u" parameter, and specifying a domainname\username.  Domainname can be the remote computer's name if you have a local user.  By putting in just the -u parameter, you'll then be prompted to type in the hidden password.

Once running on the remote computer, psexec will function in one of three ways:
1 - If no special parameter used, will run in the same user account as the person initiating the psexec command.
2 - If the "-u" parameter is used, it will run as that user.
3 - If the "-s" parameter is used, it will run as a local system account
In either of these 3 cases, you first have to have admin rights to use the ADMIN$ share and install a service.

When domain membership is broken on a computer, I'll frequently use a command line like this:
psexec -u COMPUTERNAME\Administrator \\COMPUTERNAME cmd.exe

This will allow me to have local admin rights by connecting to the remote computer as the local administrator account.  It will also run the cmd.exe command as the local admin account.
LVL 66

Expert Comment

ID: 20816946
How were you able to get the command to run properly?

Featured Post

[Webinar] Improve your customer journey

A positive customer journey is important in attracting and retaining business. To improve this experience, you can use Google Maps APIs to increase checkout conversions, boost user engagement, and optimize order fulfillment. Learn how in this webinar presented by Dito.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A while back when OPSMGR 2012 was released we were very excited about getting it into our environment and upgrading our 2007 implementation,  we started our planning and we then proceeded with our implementation. All went as planned & our system …
I wrote an article (http://www.experts-exchange.com/articles/2245/Anti-rootkit-software.html) some time ago with a reference to nLite  (http://www.nliteos.com/)slipstreaming software.  I recently changed that link to point to NTLite (https://www.ntl…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…
Hi, this video explains a free download that you can incorporate into your Access databases, or use stand-alone for contact management. Contacts -- Names, Addresses, Phone Numbers, eMail Addresses, Websites, Lists, Projects, Notes, Attachments…
Suggested Courses

589 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question