Solved

Using PSExec with System Account on a logged off domain machine

Posted on 2015-01-27
8
374 Views
Last Modified: 2015-02-27
Hi Experts,
I’m looking for some assistance using PSExec (or a similar method) to trigger a remote command from a domain machine whilst it is in a logged off state (I.e. at the login screen).
Essentially, I am using OS deployment software (smartdeploy) to install a Win7 image on my domain PC, the software adds the PC to the domain, and leaves it at the login prompt – which is all fine.
The software gives me the option to run a command at first boot (using only the system account), when the machine is sitting at the login prompt.
I want to be able to use PSExec to trigger my application deployment software (PDQ Deploy) – something to this effect:

PSexec.exe \\PDQSERVER –accepteula –u username –p password Pdqdeploy.exe Deploy “PackageNameWhatever” %computername%

I’ve tested this and similar commands whilst logged into a machine and it works flawlessly – the command uses the computername variable to install the package directly to the PC, however have tried different combinations, tried to specify different credentials, parameters etc whilst the machine is logged off but no luck. Understand it is likely a permissions issue but not sure how I can get around it.

Hoping someone can provide some guidance or maybe an alternative approach. The two software packages work well together for OS and application deployment, however I would like to be able to automate the whole process and have our default application package install, as soon as the OS is deployed and the machine has joined the domain, got an IP address etc.

Cheers!
0
Comment
Question by:bl460c
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 24

Expert Comment

by:Nagendra Pratap Singh
ID: 40572449
Do you have a local admin account?
0
 
LVL 55

Accepted Solution

by:
McKnife earned 500 total points
ID: 40572653
Hi.

I think the problem is that the system account cannot impersonate anyone. Proof: If you start
psexec -s -i cmd
a shell running as system appears. Within that shell, try to use runas.exe to impersonate youruser and start notepad:
runas /user:domain\youruser notepad
You get
"RUNAS ERROR: Unable to run - notepad
5: Access is denied."
0
 

Author Comment

by:bl460c
ID: 40583275
Nagendra Pratap Singh - yes I have a local admin account (or I could create a specific local admin account for this purpose - how are you suggesting it could be used?) cheers
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 24

Expert Comment

by:Nagendra Pratap Singh
ID: 40583316
I would use a local admin account in the meantime.

Also check if your process is not blocked by UAC etc.

http://www.brandonmartinez.com/2013/04/24/resolve-access-is-denied-using-psexec-with-a-local-admin-account/
0
 
LVL 55

Expert Comment

by:McKnife
ID: 40583356
Did you understand my comment? It's the reason for why it's not possible.
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 40634972
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
0
 
LVL 55

Expert Comment

by:McKnife
ID: 40634973
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Windows_7/Q_28604512.html#a40572653 is the solution. It is a known fact that the system account does not offer to use impersonation, that's why it won't work for the asker.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

AutoHotkey is an excellent, free, open source programming/scripting language for Windows. It started out as a keyboard/mouse macros product, but has expanded into a robust language. This article provides an introduction to it, with links to addition…
On some Windows 7 (SP1) computers, Windows Update becomes super slow even the computer is reasonably fast.  There's one solution that seemed to have worked well for me (after trying a few other suggested solutions).
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question