PSEXEC vs Powershell

David Pérez Bonilla
What is your opinion about this debate? What do you prefer as a system administrator?

Best Regards,
David.
In my opinion there is no need for a debate. You can't compare the two.
I like psexec. It's a nice tool if you want to run a few commands on a bunch of remote computers.

PowerShell is a completely different beast. It's a lot more flexible and expandable.
You can do things with it you'll never be able to do with a command line batch.

So, I love PowerShell :-)
Alex, Senior Infrastructure Analyst

Commented:
PSexec is used for things like Ransomware, I use powershell and winRM which can be secured.
"PSexec is used for things like Ransomware"
No.  It's a sysadmin tool for those that weren't just junior MCSE GUI only admins.

It was useful back before powershell came around.  After Microsoft finally decided to hire Mark Russinovich, powershell became more useful so that you don't need psexec any longer.  It was the go-to tool for any real sysadmin that needed to script things just like they would in the Unix world.  It made Windows almost as easy to manage as Unix.

It's time to learn Powershell, since Mark is no longer really updating his pstools.  As of today, the last update was July 4, 2016.

#####

If it's being used for ransomware, it's only because they've finally figured out how to use psexec, not because it's a ransomware tool.  Block psexec, then they'll start to learn how to use powershell.  They only haven't because they're learning from their peers who are learning from online code in blog posts years after they were more useful, not sysadmins that actually know what they're doing.

I've switched to Powershell, ever since it became command complete in server 2012, but I used to use psexec for stuff that Group policy wasn't doing well, such as software installs and updates of 3rd party software, and monitoring the systems without having to go to each and every desktop when I have 30 to 120 systems to set up at the same time.  Now you can do it with powershell.

Psexec is a ransomware tool, the same way that powershell is a ransomware tool.

Top Expert 2014
Commented:
PowerShell does so much more than PsExec, there's really no comparison.  Working with certificate stores, filesystems, registry, WMI, Active Directory and sundry Microsoft platforms, .Net classes and static methods, and branching off into Linux and Mac with PowerShell Core.  There's just so much that can be accessed with PowerShell.

About the only thing that I use PsExec for nowadays is to run a command prompt as SYSTEM.

There are definitely examples of PowerShell being used maliciously, for example using it to run completely within memory (file-less malware), which makes it very difficult to detect by anti-malware searching for malicious files.
Top Expert 2016

Commented:
With great power comes great responsibility. In this day and age the .NET crypto API is used a lot for normal communication over the network (encrypted SMB / internet HTTPS); these APIs can be used to encrypt files as well.
Both psexec and powershell remoting have their uses and advantages and disadvantages, i.e. you can use a slot screwdriver to remove a Phillips head screw.
Alex, Senior Infrastructure Analyst

Commented:
"No.  It's a sysadmin tool for those that weren't just junior MCSE GUI only admins."

Actually WannaCry used it to transfer between machines.

I know exactly what it is, exactly what it can do and you should probably read up a little more.

https://www.theverge.com/2017/6/27/15883110/petya-notpetya-ransomware-software-update-wannacry-exploit
You can use powershell the same way.  Psexec has no more extra access than powershell.  It is written to use your Windows Credentials.  You can't run psexec on the remote computer that you don't have access to.  It just happens to be the expedient tool they used.  You could write your own C code to gain access the same way.
Qlemo "Batchelor", Developer and EE Topic Advisor
Top Expert 2015

Commented:
PS Remoting allows for much more control over the session - who may connect, with particular accounts, in restrictive environments and much more. But setting that up is complex.

A simple WinRM configuration for PS Remoting is comparable to PsExec - but if you need to provide a different account than the executing one, you don't need a plain text password (as opposed to PsExec).

Also, PsExec can only provide a simple shell interface, while PS Remoting exchanges objects (stripping off the original methods, though).

However, WinRM requires a setup on clients; only servers allow (admin) remote sessions by default. PsExec works without setting up anything.
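
The session control and password handling described in the comment above, sketched as an added example (not part of the original thread and not code from any poster). The group `EXAMPLE\Helpdesk`, the endpoint name `Helpdesk`, the host `srv01.example.test` and the file paths are assumed placeholders.

```powershell
# --- On the managed host, in an elevated session ---------------------------
# Constrained endpoint: only members of the (placeholder) group may connect,
# and they see only the cmdlets listed for their role.
$base        = Join-Path $env:ProgramData 'HelpdeskEndpoint'   # placeholder path
$transcripts = Join-Path $base 'Transcripts'
New-Item -ItemType Directory -Path $transcripts -Force | Out-Null

$pssc = Join-Path $base 'Helpdesk.pssc'
New-PSSessionConfigurationFile -Path $pssc `
    -SessionType RestrictedRemoteServer `
    -RunAsVirtualAccount `
    -TranscriptDirectory $transcripts `
    -RoleDefinitions @{
        'EXAMPLE\Helpdesk' = @{
            VisibleCmdlets = 'Get-Service',
                @{ Name       = 'Restart-Service'
                   Parameters = @{ Name = 'Name'; ValidateSet = 'Spooler' } }
        }
    }

# Validate the file before registering; registration restarts WinRM.
if (-not (Test-PSSessionConfigurationFile -Path $pssc)) {
    throw "Session configuration file $pssc is not valid."
}
Register-PSSessionConfiguration -Name 'Helpdesk' -Path $pssc -Force

# --- On the admin workstation ----------------------------------------------
# The alternate account is entered at a prompt and kept as a PSCredential
# (SecureString), so no plain text password appears on a command line.
$cred   = Get-Credential
$target = 'srv01.example.test'                                 # placeholder host

# Allowed by the role: restart the one permitted service.
Invoke-Command -ComputerName $target -ConfigurationName 'Helpdesk' `
    -Credential $cred -ScriptBlock { Restart-Service -Name Spooler }

# Not in the role: the endpoint refuses the command.
try {
    Invoke-Command -ComputerName $target -ConfigurationName 'Helpdesk' `
        -Credential $cred -ScriptBlock { Get-Process } -ErrorAction Stop
} catch {
    Write-Warning "Blocked by the endpoint: $($_.Exception.Message)"
}
```

Each connection to the endpoint is recorded in the transcript directory, which gives an audit trail of who ran what.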

Commented:
But somehow you still cannot run or execute the .BAT script remotely even using PSexec as Domain\administrator.
"But somehow you still cannot run or execute the .BAT script remotely even using PSexec as Domain\administrator."
That just means you didn't fully understand how psexec worked.  You needed to put the batch on a file share accessible to the system you wish to run or copy it over to the remote system and you can run psexec on a batch file.  The batch file runs in the context of the remote environment, so you need to place it where you can access it from that remote environment and remote environment variables, if that's where you plan the operations to occur.

Commented:
Yes, I did that already, I've placed that into the \\domain.com\NETLOGON directory.
