Using PSExec with System Account on a logged off domain machine

Hi Experts,
I’m looking for some assistance using PSExec (or a similar method) to trigger a remote command from a domain machine whilst it is in a logged off state (I.e. at the login screen).
Essentially, I am using OS deployment software (smartdeploy) to install a Win7 image on my domain PC, the software adds the PC to the domain, and leaves it at the login prompt – which is all fine.
The software gives me the option to run a command at first boot (using only the system account), when the machine is sitting at the login prompt.
I want to be able to use PSExec to trigger my application deployment software (PDQ Deploy) – something to this effect:

PSexec.exe \\PDQSERVER –accepteula –u username –p password Pdqdeploy.exe Deploy “PackageNameWhatever” %computername%

I’ve tested this and similar commands whilst logged into a machine and it works flawlessly – the command uses the computername variable to install the package directly to the PC, however have tried different combinations, tried to specify different credentials, parameters etc whilst the machine is logged off but no luck. Understand it is likely a permissions issue but not sure how I can get around it.

Hoping someone can provide some guidance or maybe an alternative approach. The two software packages work well together for OS and application deployment, however I would like to be able to automate the whole process and have our default application package install, as soon as the OS is deployed and the machine has joined the domain, got an IP address etc.

Cheers!
bl460cAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
McKnifeConnect With a Mentor Commented:
Hi.

I think the problem is that the system account cannot impersonate anyone. Proof: If you start
psexec -s -i cmd
a shell running as system appears. Within that shell, try to use runas.exe to impersonate youruser and start notepad:
runas /user:domain\youruser notepad
You get
"RUNAS ERROR: Unable to run - notepad
5: Access is denied."
0
 
Nagendra Pratap SinghDesktop Applications SpecialistCommented:
Do you have a local admin account?
0
 
bl460cAuthor Commented:
Nagendra Pratap Singh - yes I have a local admin account (or I could create a specific local admin account for this purpose - how are you suggesting it could be used?) cheers
0
The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

 
Nagendra Pratap SinghDesktop Applications SpecialistCommented:
I would use a local admin account in the meantime.

Also check if your process is not blocked by UAC etc.

http://www.brandonmartinez.com/2013/04/24/resolve-access-is-denied-using-psexec-with-a-local-admin-account/
0
 
McKnifeCommented:
Did you understand my comment? It's the reason for why it's not possible.
0
 
LeeTutorretiredCommented:
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
0
 
McKnifeCommented:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Windows_7/Q_28604512.html#a40572653 is the solution. It is a known fact that the system account does not offer to use impersonation, that's why it won't work for the asker.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.