You can use PsExec to not only manage processes on the remote computer but also redirect an application’s console output to your local computer, making it appear as though the process is running locally. No software is needed on the remote computer to make PsExec work, but there are a few things to keep in mind if the tool doesn’t run correctly the first time you try it.

How to Set Up PsExec

If PsExec is portable and doesn’t need to be copied to the remote computer, what type of setup does it really need? The tool works only under certain conditions. Namely, when file and printer sharing is enabled on both the local and remote computer, and when the remote machine has the $admin share set up correctly to provide access to its \Windows\ folder. You can double-check that file and print sharing is enabled by looking in the Windows Firewall settings: With the Windows Firewall now set up correctly for PsExec, you should have no problem accessing the $admin share on the remote machine so long as the following are true:

Both computers belong to the same WorkgroupYou know the password to an administrator’s account on the remote computer

See this tutorial at Wintips.org if you need help doing those things or if you’ve done them correctly but later on, after trying to use PsExec as described below, you get an “access denied” error.

How to Use PsExec

Before using PsExec to execute remote commands, you have to download the program and position Command Prompt in a way where you can utilize the tool correctly.

Download and Open It

Understanding the Syntax

Much like any command-line tool, PsExec works only when its syntax is followed exactly. Once you understand how to type commands in the way the tool understands them, you can control the program from any Command Prompt. Another way to do this, at least in some versions of Windows, is to Shift+Right Click an empty space in the PsTools folder and choose Open command window here. This will open Command Prompt in that folder so that you can run commands through PsExec. This is how PsExec commands must be entered: psexec [\computer[,computer2[,…] | @file]][-u username [-p password][-n s][-r servicename][-h][-l][-s|-e][-x][-i [session]][-c executable [-f|-v]][-w directory][-d][-][-a n,n,…] cmd [arguments] The above syntax is used to execute any of the following PsExec command arguments:

Open CMD Remotely

One of the easiest ways to use PsExec to run Command Prompt commands on a remote computer is to execute cmd following the machine’s IP address, 192.168.86.62 in this example. Doing this will launch a regular Command Prompt window within the existing one, and let you enter every command as if you were sitting in front of the remote computer. For example, you could then enter ipconfig to get those results from the other computer, or mkdir to create a new folder, dir to list the folder’s contents, etc.

Run a Remote Command

Another way to use PsExec is to enter individual commands but without starting a full Command Prompt. In this example, we’re executing the tracert command against lifewire.com, and because we’ve specified the remote computer’s name, mediaserver01, the command results are relevant to that machine, not the local one (i.e., the one you’re on).

Start a Service Remotely

The PsExec command example shown above starts the Print Spooler service, spooler, remotely on the FRONTDESK_PC computer using the tomd user’s password, 3*(tom#87. The same command can be used to stop a service remotely, but you’d type “stop” instead of “start.”

Open the Registry Editor

Here, we’re using PsExec to launch Registry Editor on the remote machine, mikelaptopw10, in the System account. Because -i is used, the program will open in interactive mode, meaning that it will actually launch on the remote machine’s screen. If -i were omitted from the above command, it would execute in hidden mode to avoid showing any dialog boxes or other windows.

Install Program on Remote Computer

In this last example of how to use PsExec, we’re using -c to copy the ccleaner.exe program to the remote computer J3BCD011, and then executing it with the /S parameter since that’s what CCleaner uses to enable a silent install (requiring no user input). Adding an argument like that requires cmd.

PsExec Can Be Dangerous

It’s very important to understand how powerful PsExec is and how it could be used to compromise your computer when used in an otherwise unsecure environment. For example, combining -c, -u, and -p, specifically will let anyone with a network connection to your computer, and knowledge of the admin credentials, execute secret malware with anyone’s credentials. Even that last, perfectly acceptable example in the previous section takes on a whole new purpose when you consider that instead of CCleaner, someone could install anything else they desired, in the background, and no windows pop up to show that anything is happening. All that said, considering the firewall changes required and administrator credentials knowledge someone would have to have, there’s little reason to worry so long as the admin password on the remote computer is complex and other basic security measures have been taken.