bl460c


Using PSExec with System Account on a logged off domain machine

Hi Experts,
I’m looking for some assistance using PSExec (or a similar method) to trigger a remote command from a domain machine whilst it is in a logged off state (i.e. at the login screen).
Essentially, I am using OS deployment software (smartdeploy) to install a Win7 image on my domain PC, the software adds the PC to the domain, and leaves it at the login prompt – which is all fine.
The software gives me the option to run a command at first boot (using only the system account), when the machine is sitting at the login prompt.
I want to be able to use PSExec to trigger my application deployment software (PDQ Deploy) – something to this effect:

PSexec.exe \\PDQSERVER -accepteula -u username -p password Pdqdeploy.exe Deploy "PackageNameWhatever" %computername%

I’ve tested this and similar commands whilst logged into a machine and it works flawlessly – the command uses the computername variable to install the package directly to the PC. However, I have tried different combinations, tried to specify different credentials, parameters etc. whilst the machine is logged off, but no luck. I understand it is likely a permissions issue, but I'm not sure how I can get around it.

Hoping someone can provide some guidance or maybe an alternative approach. The two software packages work well together for OS and application deployment, however I would like to be able to automate the whole process and have our default application package install, as soon as the OS is deployed and the machine has joined the domain, got an IP address etc.

Cheers!
Nagendra Pratap Singh

Do you have a local admin account?
ASKER CERTIFIED SOLUTION
McKnife

This solution is only available to members.
bl460c

ASKER

Nagendra Pratap Singh - yes I have a local admin account (or I could create a specific local admin account for this purpose - how are you suggesting it could be used?) cheers
I would use a local admin account in the meantime.

Also check if your process is not blocked by UAC etc.

http://www.brandonmartinez.com/2013/04/24/resolve-access-is-denied-using-psexec-with-a-local-admin-account/
Did you understand my comment? It's the reason why it's not possible.
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
https://www.experts-exchange.com/questions/28604512/Using-PSExec-with-System-Account-on-a-logged-off-domain-machine.html?anchorAnswerId=40572653#a40572653 is the solution. It is a known fact that the system account does not offer to use impersonation, that's why it won't work for the asker.