pcalabria asked:

Need help with PSEXEC and MS SQL Server

Using  PSEXEC program with this line of code below to access MS SQLServer 2008 R2 on another computer (MyMachine)  and getting the error below.  


C:\Disti-Master>c:/Disti-Master/PSEXEC  \\MYMACHINE -u PCC\MYACCOUNT -p MYPASSWORD -e -h "C:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\DTExec.exe" /FILE "\MyMachine\Disti-Master\UpdateWebsiteA2backuprobot.dtsx" /CHECKPOINTING OFF  /REPORTING EWCDI

Receiving error:  Could not start PsExec service on MyMachine:
Access is denied.

Note: when I log into MyMachine using MyAccount and MyPassword using RDP everything works fine.  Also, MyAccount is a member of the Admin group.  The workstation I am using is Win10 Pro and MyMachine is Win7.  I tried with and without the -h option.  Hope someone can help!
Hello There

If you are sure there is no typo in your credentials, I did some quick research about this issue, and some users were helped by editing the registry key. It might be worth trying.
On the remote computer: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> Add a new DWORD value called LocalAccountTokenFilterPolicy -> Set it to 1.
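
The registry step from this answer, as an added PowerShell example that is not part of the original thread: it reads LocalAccountTokenFilterPolicy on the remote computer and lists the local Administrators group before anything is changed. The `-Enable` switch and the backup file name are assumptions of this example.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session
# on the remote computer (MyMachine in the question).
param(
    [switch]$Enable   # assumption of this example: pass -Enable to write the value 1
)

$key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$name = 'LocalAccountTokenFilterPolicy'

# Read the current value; $null means the value does not exist (the default).
$prop    = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
$current = if ($prop) { [int]$prop.$name } else { $null }

if ($current -eq 1) {
    $state = 'remote UAC filtering is OFF for local accounts (full admin token over the network)'
} else {
    $state = 'remote UAC filtering is ON for local accounts (filtered token over the network)'
}
$shown = if ($null -eq $current) { '<not set>' } else { $current }
"{0} = {1}: {2}" -f $name, $shown, $state

# The policy only matters for LOCAL accounts that appear in this group.
# Entries shown as DOMAIN\name are domain accounts and are not affected by it.
net localgroup Administrators

if ($Enable -and $current -ne 1) {
    # Record the previous state so the change can be rolled back later.
    # The file name below is a placeholder chosen for this example.
    $backup = Join-Path $env:TEMP 'LocalAccountTokenFilterPolicy-previous.txt'
    "$(Get-Date -Format s) previous value: $shown" | Add-Content -Path $backup

    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 1 -Force |
        Out-Null
    "Set $name to 1. Previous state recorded in $backup"
    # Roll back with:
    #   Remove-ItemProperty -Path $key -Name $name      (if it was <not set>)
    #   Set-ItemProperty    -Path $key -Name $name -Value 0
}
```

The value only changes how local accounts in the Administrators group are treated on network logons; a domain account in that group already receives a full administrator token remotely.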
pcalabria (ASKER)

Thanks for your suggestion.. before I try changing keys though, I want to share some new info...

When I log into the workstation and execute the command as described in my question (also shown below)  I get the access denied error.
I have learned that if I add the user to the Domain Admin group and then log into the workstation everything works properly.

The problem is that I do not want to add the users to the Domain Admin group. I need to be able to execute the statement below without adding the user to the admin group.

C:\Disti-Master>c:/Disti-Master/PSEXEC  \\MYMACHINE -u PCC\MYACCOUNT -p MYPASSWORD -e -h "C:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\DTExec.exe" /FILE "\MyMachine\Disti-Master\UpdateWebsiteA2backuprobot.dtsx" /CHECKPOINTING OFF  /REPORTING EWCDI
Update. I have tried the -h and the -s options. Neither allows me to successfully execute psexec. As stated before, all works if I add the user to the domain admins group, however I do not wish to do this.
Thanks for this update. So the user you use to run this command is missing rights.

I don't know the background, however, if you need to run this command regularly, what about creating a script and using Task Scheduler?
That sounds like it would work but not in our application.

At the end of each day we update our inventory file to reflect sold and new items that are added.

Once our new inventory file is created we need to update our website... so we have been using a batch file that runs every time the new inventory file is created... which can happen at any time during the evening.. it’s not a scheduled function.

We used this routine for years successfully with XP .. but the workstations have been updated to Win10.
I have a few questions.

"MyAccount" is a local account on Win7 machine, correct?

You also said "MyAccount is a member of the Admin group", however, in the next post you said "I need to be able to execute the statement below without adding the user to the admin group."
Can you please clarify this? Is the "MyAccount" account a member of the Local Admin group?

As far as I understand it now, you need to elevate rights for MyAccount user to run the command.
Yes, I believe I need to elevate.

MyAccount is a user account on the domain. The account is in the employees group. For example, BillS.

When BillS logs into Windows 10 and the domain and attempts to execute the batch file that calls the subject statement the permissions denied message appears.

If I temporarily add BillS (MyAccount) to the Domain Admins group all works fine, although of course I can’t leave him in that group.

If I right click the program and use run as administrator, it also executes fine, although a user account and password must be entered first, and I can not give the user these credentials.

So if I can elevate the user to a domain admin just for the purpose of running this batch file all will work.
You can add MyAccount to a Local Admin group on MyComputer. The user will not have access to the domain but will have appropriate rights to run what you need.
I have held off on giving local computer users admin privileges to prevent viruses and ransomware from making unauthorized changes.

With this said, files are not saved on the local computer but instead on a share of the domain.

Is this a bad strategy for me to be using....???  We’ve had ransomware attacks in the past so we are trying to be very careful...

It’s much better if there is a way to only give admin rights when running PSEXEC...  Is there any way we can do this?  We are a small company and I am the only IT person... networking and security is not my strength...

I will certainly give this a try as a test to verify that your suggestion works but hopefully there is a better answer?
Not easy to answer. I would use Task Scheduler and run the script at a specific time if possible.

However, if this does not apply to you, you can use a 3rd party tool that could help you to manage what you need. I found RunAs Tool (link here), RunAdmin Tool (link here) or Steel RunAs just for 10$ (link here). I have never used them so first, get some information about them and how they work.
I tried running the batch file from a user account that was in the local admin group, but it did not work.  If I put the user in the domain group for domain admins... it works... so it looks like being an admin on the local machine... and being logged in as a domain user with the same name does not work... keep in mind the domain user has the domain portion as a prefix for the name.

The link RunAs Tool seemed like it would be perfect... but it did not work.  The problem was that the first time you run this utility you need to specify the account name that has admin privileges... and the only names in the drop-down are local account names... there is no way to specify a domain account as the account with admin privileges.
"I tried running the batch file from a user account that was in the local admin group"
In the Local Admin group on the remote computer? Otherwise, it will not work.
However, if you did this and still no joy, you probably need domain admin rights.

"there is no way to specify a domain account as the account with admin privileges."
I don't know why there is not an option to run the tool as a domain admin. Anyway, there are other tools like RunAsRob (link here). See section "4 Run application as another user" at the bottom of the page. There is a video example of how to configure it for a domain account.