Running commands on Windows machine remotely from other machine using psexec

From Notes_Wiki


To remotely control a Windows machine from another Windows machine, we can use the psexec utility, which allows executing commands remotely. To use psexec, follow these steps:

  1. Download psexec from https://technet.microsoft.com/en-us/sysinternals/pxexec.aspx?f=255&MSPPError=-2147217396 This gives a zip file, which should be extracted to get many tools, including psexec.
  2. On the remote computer, do the following:
    1. Disable the firewall only for connections from the psexec computer. This is better than disabling Windows firewall completely. To disable the firewall for a given host, go to Control Panel ->
    2. Add a custom rule that allows all applications and all protocols to any local address from the given remote address or subnet, as appropriate.
    3. Add the Windows registry key for remote authentication by starting 'regedit'.
    4. Go to HKEY_LOCAL_MACHINE -> Software -> Microsoft -> Windows -> CurrentVersion -> Policies -> System.
    5. Add a REG_DWORD (32-bit) value named LocalAccountTokenFilterPolicy and set it to 1. This turns off UAC remote restrictions (token filtering) for local accounts, so a local administrator account that connects over the network gets its full administrative token. Remove the value when remote access is no longer needed.
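  3. From the psexec computer, try getting a remote cmd using:
    psexec \\<remote-ip> "cmd.exe"
    Strangely, things might work without any authentication being requested: when no user name is given, psexec connects with the account you are logged on with, so no prompt appears if the remote computer accepts those credentials. This is why adding an exception only for a certain IP is better than disabling the firewall altogether.
  4. An example command to shut down the machine remotely is:
    psexec \\<remote-ip> "cmd.exe" "/c shutdown /s"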
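
The remote-computer steps (2.1 to 2.5) can also be applied, checked and undone from an elevated command prompt. The batch file below is an added example, not part of the original page; the address 192.0.2.10 and the rule name are placeholders chosen for illustration, and the `status` and `disable` actions go beyond the steps above so the change can be audited and reverted.

```bat
@echo off
rem Added example: run from an elevated cmd.exe on the remote (target) computer.
rem ADMIN_HOST and RULE_NAME are placeholders (assumptions), not values from the page.
setlocal
set "ADMIN_HOST=192.0.2.10"
set "RULE_NAME=psexec-from-admin-host"
set "POLICY_KEY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

if /i "%~1"=="enable"  goto :enable
if /i "%~1"=="status"  goto :status
if /i "%~1"=="disable" goto :disable
echo Usage: %~nx0 enable^|status^|disable
exit /b 2

:enable
rem Steps 2.1-2.2: inbound allow rule (all programs, all protocols) that
rem matches only traffic coming from ADMIN_HOST.
netsh advfirewall firewall add rule name="%RULE_NAME%" dir=in action=allow remoteip=%ADMIN_HOST% || exit /b 1
rem Steps 2.3-2.5: create LocalAccountTokenFilterPolicy (REG_DWORD) = 1.
reg add "%POLICY_KEY%" /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f || exit /b 1
goto :status

:status
rem Show what is currently in place. Either command reports an error
rem if the rule or the registry value does not exist.
netsh advfirewall firewall show rule name="%RULE_NAME%"
reg query "%POLICY_KEY%" /v LocalAccountTokenFilterPolicy
exit /b 0

:disable
rem Undo both changes once remote access is no longer needed.
netsh advfirewall firewall delete rule name="%RULE_NAME%"
reg delete "%POLICY_KEY%" /v LocalAccountTokenFilterPolicy /f
exit /b 0
```

Running the file with `status` on any machine is a quick way to see whether the registry value has been left enabled after earlier remote administration.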

Refer to https://answers.microsoft.com/en-us/insider/forum/insider_wintp-insider_security/psexec-get-console-access-windows-10-problem/ad96c6db-95d7-46ab-98c8-e03efa35df5e


