How to run a program remotely in Windows?

Executing commands on a remote computer is a fairly common task. It may be needed to change system settings, install or remove programs, and more. There are quite a few different tools for this, from serious software systems such as System Center Configuration Manager to humble command-line utilities. One of these utilities is discussed in this article.

The PsExec utility is part of the Sysinternals PsTools package. It allows you to execute commands on remote computers and does not require installation on the system. To use the utility, copy it to a folder with executable files (e.g. C:\Windows\system32) and run it from any command-line shell: Cmd or PowerShell.

The program works as follows: the resources of the executable file PsExec.exe contain another executable file, PSEXESVC, which is a Windows service. Before executing the command, PsExec unpacks this resource to the hidden administrative share Admin$ (C:\Windows) of the remote computer, into the file C:\Windows\system32\psexesvc.exe.

Note. If you use the -c switch to tell the program to copy executable files to the remote system, they will also be copied to this folder.

After the copy is complete, PsExec installs and starts the service using the Windows API for remote service management. Then, after PSEXESVC starts, a data connection (for entering commands and receiving results) is established between it and PsExec. When the command is done, PsExec stops the service and removes it from the target computer.
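Because PsExec installs a service on the target, each run leaves a "service installed" event (ID 7045) in the target's System log even though the service itself is removed afterwards. The following added example (not part of the original article) filters those events for the PSEXESVC names given above; the function names and the sample records are constructed for illustration.

```powershell
# Added example, not part of the original article.
# Event ID 7045 (System log) records every service installation.
# Data fields, in order: ServiceName, ImagePath, ServiceType, StartType, AccountName.

function ConvertFrom-ServiceInstallEvent {
    # Flatten a live 7045 event into a simple record.
    param([Parameter(ValueFromPipeline)] $LogEvent)
    process {
        [pscustomobject]@{
            TimeCreated = $LogEvent.TimeCreated
            Computer    = $LogEvent.MachineName
            ServiceName = [string]$LogEvent.Properties[0].Value
            ImagePath   = [string]$LogEvent.Properties[1].Value
            Account     = [string]$LogEvent.Properties[4].Value
        }
    }
}

function Find-PsExecServiceInstall {
    # Keep records whose service name or binary matches the names given in the article.
    param([Parameter(ValueFromPipeline)] $Record)
    process {
        if ($Record.ServiceName -match '^PSEXESVC' -or
            $Record.ImagePath   -match '\\psexesvc\.exe') {
            $Record
        }
    }
}

# Constructed sample records (not real log data) so the filter can be tried offline.
$sample = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-10T09:15:00'; Computer = 'SRV1'
                       ServiceName = 'PSEXESVC'
                       ImagePath   = 'C:\Windows\system32\psexesvc.exe'; Account = 'LocalSystem' }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-10T09:20:00'; Computer = 'SRV1'
                       ServiceName = 'ExampleUpdater'
                       ImagePath   = 'C:\Program Files\Example\updater.exe'; Account = 'LocalSystem' }
)
$sample | Find-PsExecServiceInstall | Format-Table TimeCreated, Computer, ServiceName, ImagePath

# Live use on a Windows host. Finding no matching events is not an error.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045 } -ErrorAction SilentlyContinue |
    ConvertFrom-ServiceInstallEvent |
    Find-PsExecServiceInstall
```

Only the first constructed record is returned by the filter; the second shows an unrelated service install passing through unflagged.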

The PsExec syntax is as follows:

psexec \\computer [-u user [-p password]] program [arguments]

The username and password are optional; if they are omitted, the remote process is launched under the same account as the PsExec program. However, since the remote process is then impersonating, it will not have access to the network resources of the remote system. If you specify a username, the remote process starts under the specified account and gains access to the same network resources of the remote system as this account. Note, however, that the password is transmitted to the remote system in clear text.

For example, let's clear the DNS cache on the remote computer SRV1:

psexec \\SRV1 ipconfig /flushdns

The command will run on the SRV1 computer under your credentials. When ipconfig completes, all of its text output is sent to your computer, and the command's exit code (error code) is also returned. If the command is successful, it will be equal to 0.

If you need to run multiple commands, it is best to establish an interactive session with the remote computer. To do this, enter the command psexec \\SRV1 cmd. Now the commands entered on the local computer will be executed on the remote computer SRV1.

PsExec allows you to run a command on multiple computers at the same time. To do this, you can enter the computer names separated by commas: psexec \\SRV1,SRV2 or save them in a text file and then specify its path: psexec @c:\comp.txt. If you put an asterisk instead of a computer name, like this: psexec \\*, the command will be executed on all computers in the domain.

One more interesting use of the PsExec utility: if you do not specify a computer name, the command is executed on the local system by default. Using the -s switch you can run programs under the system account. For example, let's start a command-line session with psexec -s cmd and then use the whoami command to check which user we are currently working as. This feature can be useful for debugging programs or accessing the hidden SAM and SECURITY registry keys.

Finally, a few words about the program's switches. I will not describe all of them, only the most interesting ones:

With -c, the specified program is copied to the remote system for execution. For example:

psexec \\SRV1 -c test.exe

If this parameter is not specified, the application must be located in the system folder of the remote computer. If the remote computer already has the program and it is not in the system directory, you must specify the full path to it (if the name of the program contains spaces, it must be enclosed in quotation marks):

psexec \\SRV1 "c:\program files\test.exe"

If you use the -f switch along with -c, the program will be overwritten even if it is already on the remote system. With the -v switch it will be overwritten only if the copied version of the program is newer than the one installed on the system.

Running a program in interactive mode. By default, PsExec executes commands in hidden mode, that is, no windows or dialogs are displayed on the system where the command is executed. This can be changed with the -i switch. After it, you can specify the number of the session in which to display the windows; if you omit it, the interface is displayed in the console session.

Indicates not to wait for the application to complete. In this case we will not get the console utility's results, but we can run the next commands without waiting for the previous command to complete. This parameter should only be used when running non-interactive applications.

Used to run the program with elevated privileges. May be required in Windows Vista and later operating systems to run some programs that make changes to system settings (for example, regedit).

And with this switch you can, on the contrary, reduce privileges. When the process starts, the user, regardless of membership in the Administrators group, is given limited rights (the rights of the "Administrators" group are removed and the user is given only the rights assigned to the "Users" group).

Full help on all program switches can be obtained by simply entering the psexec command on the command line with no parameters.

This article discusses ways to run console commands on remote computers on the network, which is very useful for system administrators.

I use 2 tools for remote execution of console commands: PsExec and WinRM, each with its own advantages.


One of the great solutions to the problem in the title is using the PsExec program from the great Mark Russinovich.

The program works according to the client-server principle: a client runs on the local machine and sends commands to the server on the remote computer. A feature of this program is that the server part is automatically installed immediately before the command is executed and then removed. Thus, to execute commands on remote machines, it is enough to have administrative rights on them.

If PsExec is run as an administrator that belongs to the same domain as the remote computer, then you don’t even need to enter credentials. Otherwise, they can be specified on the command line or PsExec will prompt for them. PsExec runs on Windows 2000 to Windows Server 2008 R2 64-bit operating systems.

The following features are very useful in PsExec:

  • Executing a command on a group of computers. Example: the following command forces the latest group policy to be applied:
    psexec @group.txt gpupdate /force
  • Running commands on behalf of the system account. Example: the following command forces the remote system to check for updates:
    psexec \\computer -s wuauclt /detectnow
  • Copying a program to the remote computer before running it. Example: the following command updates this computer's membership in Active Directory security groups (its access token) without rebooting:
    psexec \\computer -c -s klist.exe purge

It's hard to overestimate the usefulness of this program if you use the scripts and console command capabilities built into Windows.

Windows Remote Management

WinRM was originally a remote hardware management technology for servers that appeared in Windows Server 2003 R2 as part of the Hardware Management component, but recently Microsoft released the Windows Management Framework package, which includes PowerShell 2.0 and WinRM 2.0 and is installed on client operating systems as an update. Details can be found in KB968929.

The beauty of WinRM is the ease of deployment in a domain environment via WSUS as an optional OS update and the power that comes with PowerShell.

WinRM is used through 2 commands.

winrm.cmd is used to configure WinRM client and server settings and diagnostics.

For the WinRM server to start accepting commands, the Windows Remote Management service must be started and its initial configuration performed. Use the command

winrm quickconfig on the local machine, or

psexec -s \\servername winrm quickconfig over the network, using PsExec to run it as the system account.

You will be prompted to automatically start the WinRM service and allow remote connections; agree 😉

To successfully connect to a WinRM server (i.e. the server side that accepts commands) that is not in the same domain as your client computer, you must add this target server to the "trust list" on the client with the following command:

winrm set winrm/config/client @{TrustedHosts="servername"}, where you can specify an IP address or * (asterisk) instead of servername.

For Windows Vista and Windows 7 users who are not running as the built-in administrator (which is usually the case), you need to run the following command:

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
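The TrustedHosts and LocalAccountTokenFilterPolicy commands above both relax a default restriction, so it is worth checking afterwards what a machine is actually set to. The following added example (not part of the original article) reports both values; the function name is hypothetical and the first two calls use constructed inputs.

```powershell
# Added example, not part of the original article.
function Test-WinRmClientSetting {
    param(
        [string]$TrustedHosts,           # value of WSMan:\localhost\Client\TrustedHosts
        $LocalAccountTokenFilterPolicy   # registry value, $null when it is not set
    )
    # TrustedHosts is a comma-separated list; drop blanks and surrounding spaces.
    $entries = @($TrustedHosts -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    if ($entries -contains '*') {
        'TrustedHosts = *: the client will authenticate to any host without verifying its identity'
    } elseif ($entries.Count -gt 0) {
        "TrustedHosts: server identity is not verified for $($entries -join ', ')"
    }
    if ($LocalAccountTokenFilterPolicy -eq 1) {
        'LocalAccountTokenFilterPolicy = 1: local administrators get a full admin token over the network'
    }
}

# Constructed inputs: the widest settings from the article, then a narrowed configuration.
Test-WinRmClientSetting -TrustedHosts '*' -LocalAccountTokenFilterPolicy 1
Test-WinRmClientSetting -TrustedHosts 'servername' -LocalAccountTokenFilterPolicy $null

# Live values on this machine (reading the WSMan: drive needs an elevated session
# and a running WinRM service; unreadable values are treated as not set).
$th  = (Get-Item WSMan:\localhost\Client\TrustedHosts -ErrorAction SilentlyContinue).Value
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$tf  = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).LocalAccountTokenFilterPolicy
Test-WinRmClientSetting -TrustedHosts $th -LocalAccountTokenFilterPolicy $tf
```

The first call returns two findings and the second returns one, naming the single listed host.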

By default, the limit is 5 simultaneous WinRM connections from the client; to increase this number, run the command

winrm s winrm/config/winrs @{MaxShellsPerUser="X"}

winrs.exe is a client for sending requests to the server side. Example: the following command will force a reboot of the remote system:

winrs -r:servername shutdown /r /t 0

In a domain environment, commands are sent using the credentials of the running user. To send commands on behalf of another user, use the -u:user -p:pass switches. Example: The following command will clear the local DNS cache on the remote system
