Remote-access Guide

How to enable remote access in PsExec

by Tillman Bednar II Published 2 years ago Updated 2 years ago
With PsExec, you can run Enable-PSRemoting from your local computer using the following command. The command below is calling psexec and connecting to the ServerB server. It then starts a PowerShell process and executes the Enable-PSRemoting command with the -Force switch to skip the usual prompts.

Connect to the computer
If you use PowerShell Remoting, you can use the Enter-PSSession cmdlet to connect to the computer. If you use the PsExec tool, download the app and drop it into your C:\ drive; you can then run this command and get command-line access to that remote box.
May 20, 2019

Full Answer

How to run PsExec?

What You Need to Do Before Using PsExec

  1. Open the Run window by pressing Windows and R keys, and then type firewall.cpl and hit OK.
  2. Click the Allow an app or feature through Windows Defender Firewall option in the left pane of the pop-up window.
  3. Ensure that the File and Folder Sharing option is selected in the Private box, and then click OK to save the changes.

How to enable remote desktop in Windows 10?

To enable the remote desktop protocol with PowerShell, use these steps:

  • Open Start on Windows 10.
  • Search for PowerShell, right-click the top result, and select the Run as administrator option.
  • Type the following command to enable the remote desktop protocol and press Enter: Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0

How to enable remote desktop using PowerShell on Windows 10?

  • The WinRM service should be started;
  • You must have administrator permissions on the remote device;
  • Windows Defender Firewall with Advanced Security must be disabled or the rules that allow remote access through PowerShell Remoting should be enabled.

How do you turn on Remote Desktop?

In addition, you can turn on remote desktop in Control Panel, and here are steps you should follow:

  1. Open Control Panel in Windows 11.
  2. View items by Category and go to System and Security.
  3. In the pop-up, click the Allow remote access link from the System section.
  4. Under the Remote tab, move to the Remote Desktop section and make sure the option – Only allow connections from computers running Remote Desktop with Network Level Authentication ...

How do I remotely enable remote access?

Allow Access to Use Remote Desktop Connection

  1. Click the Start menu from your desktop, and then click Control Panel.
  2. Click System and Security once the Control Panel opens.
  3. Click Allow remote access, located under the System tab.
  4. Click Select Users, located in the Remote Desktop section of the Remote tab.

Does Psexec need to be installed on remote machine?

Installing PsExec (With Remote Computer Setup)

Technically, you don't install PsExec since it's just a command-line utility but close enough. Since no installation is necessary, you simply need to download and extract it from the PsTools zip file.

How do I enable Remote Desktop in PowerShell?

Enable Remote Desktop using Command line

  1. Open Command Prompt or PowerShell with administrator privilege.
  2. Set value of fDenyTSConnections REG DWORD to 0.
  3. Add a Firewall rule.
  4. Restart your computer.
  5. Start using Remote Desktop in Windows 10.

Does PsExec use RDP?

As a command-line interface, PsExec only requires you to provide the target address, user detail, and password to gain access to the targeted computer. Unlike Telnet and Remote Desktop Protocol (RDP), PsExec won't ask you to install a client program on your PC or another software on the remote host either.

How do I run a command remotely?

How can I run a command on a remote computer with wmic?

  1. Press the Windows key, search for Command Prompt, and select Run as administrator.
  2. On the Command Prompt, type wmic, and then press Enter.
  3. Input the following command: WMIC /node:ComputerName process call create "cmd.exe /c GPUpdate.exe"

How do I know if Remote Desktop is enabled?

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server and to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services. If the value of the fDenyTSConnections key is 0, then RDP is enabled. If the value of the fDenyTSConnections key is 1, then RDP is disabled.

Where do I install PsExec?

PsExec must be installed in a directory that is specified in the %SystemRoot% environment variable (typically C:\Windows).

Where is PsExec located?

\windows\system32 directory

If you don't specify the path of the program you want to execute, PsExec looks in the \windows\system32 directory of the remote system.

"PsExec looks in the \windows\system32 directory of the remote system" - this applies to psexec behavior and it isn't related to your question - where to keep psexec locally.

Can't start PsExec service on remote computer access is denied?

Try running the command prompt as the user you are connecting as, by holding Shift + right-click on the CMD launcher and selecting Run as different user. I've generally had bad luck trying to specify the user in the psexec command in domain situations. Then you can use psexec \\machine cmd.

How do I run PsExec as system?

Run cmd.exe process as System Account in Windows 7

  1. Download PsExec.exe (this is part of Sysinternals PsTools).
  2. Start command prompt (cmd) as Administrator.
  3. Navigate to location of downloaded PsExec.exe.
  4. Run: PsExec.exe -i -s cmd.exe
     -i - Run the program interactively.
     -s - Run in the System account.

How to use psexec command prompt?

One of the easiest ways to use PsExec to run Command Prompt commands on a remote computer is to execute cmd following the machine’s IP address, 192.168.86.62 in this example.

How does psexec work?

Much like any command-line tool, PsExec works only when its syntax is followed exactly. Once you understand how to type commands in the way the tool understands them, you can control the program from any Command Prompt.

Why is PsExec a dangerous file?

The reason this happens is because malware has been known to use PsExec to transfer viruses.

What does psexec do?

Directs PsExec to run the application on the remote computer(s) specified. If omitted, PsExec runs the application on the local system, and if a wildcard (\\*) is specified, PsExec runs the command on all computers in the current domain.

How to extract files from pstools.zip?

Extract the files from the PsTools.zip download. You can do that by right-clicking the ZIP file and selecting Extract All. Any third-party file extractor will work, too.

How to open firewall.cpl?

Enter firewall.cpl in the Run dialog box . One way to open Run is through the WIN+R keyboard shortcut.

Is there a reason to worry about the admin password on a remote computer?

All that said, considering the firewall changes required and administrator credentials knowledge someone would have to have, there's little reason to worry so long as the admin password on the remote computer is complex and other basic security measures have been taken.

What is psexec?

PsExec is a handy utility that allows you to run remote commands like PSRemoting does. However, PsExec uses a different communication method which you can use to your advantage!

How to enable psremoting?

The command below is calling psexec and connecting to the ServerB server. It then starts a PowerShell process and executes the Enable-PSRemoting command with the -Force switch to skip the usual prompts.

What is the final configuration item to add to your GPO?

The final configuration item to add to your GPO is creating the WinRM listener and allowing connections to that WinRM listener. This setting creates the WinRM listener for HTTP and allows connections to it from the specified IPs or IP ranges.

What is the difference between PSRemoting and WinRM?

On any current Windows OS, the same basic steps happen. PSRemoting gets enabled, the WinRM HTTP listener gets created, and the firewall rules are enabled. The key difference is the way Public networks are handled.

How to enable WinRM service?

To enable the WinRM service on all target computers: Open up the GPMC and create a GPO. While in the new GPO, navigate to Computer Configuration —> Windows Settings —> Security Settings —> System Services. Select Windows Remote Management (WS-Management).

What port is 5985?

Creates a listener on the default WinRM port 5985 for HTTP traffic.

How to enable WinRM across a wide range of computers?

The last, and arguably the best option for enabling WinRM across a wide range of computers is through group policy. When using Group Policy, you can create a single Group Policy Object and apply that policy across thousands of computers at once.

What does psexec do when it starts executing a remote command?

Whenever PsExec begins executing a remote command you will see text similar to the following displayed in your terminal.

What is psexec used for?

PsExec is a command-line utility that can be used to execute programs remotely on other Windows machines to which you have network access. PsExec redirects the console output of remotely executed programs to the client machine such that they appear to be running locally.

What is the SCM in psexec?

PsExec then uses the SCM (Service Control Manager) on the remote machine (which has a remote interface) to start the service on the remote machine.

How to download pstools?

On the Microsoft Docs SysInternals page click on the ‘Download PsTools’ link which will download a zip file containing all of the available PsTools, including PsExec.

How to pass input to remote system?

Input is only passed to the remote system when you press the enter key, and typing Ctrl-C terminates the remote process. If you omit a user name the process will run in the context of your account on the remote system, but will not have access to network resources (because it is impersonating).

How to pass arguments to remote program?

If you need to pass arguments to the remote program you are executing, simply add the arguments to the end of the overall command, as follows.

How to launch console host?

Tip: If you wish to quickly launch the standard Windows Console host (Command Prompt) in the current directory via File Explorer, simply type ‘cmd’ within the File Explorer location bar and press the Enter/Return key.

How to enable PowerShell remoting?

We can enable PowerShell remoting by executing the command "Enable-PSRemoting -Force" in an administrative context. This can be done either locally on each system by executing the command, or remotely via a group policy or through SCCM.

Does PowerShell work with PSEXEC?

PSEXEC shell does not work well (interactively) with PowerShell as it works with cmd commands. But in Windows 10, the interactive part is much better.

How to enable RDP remotely?

To enable RDP remotely, you need to configure and run the WinRM service (Windows Remote Management) on the remote computer. The WinRM service is enabled by default in all versions of Windows Server starting with Windows Server 2012. However, WinRM is disabled by default in client operating systems such as Windows 10. Thus, to enable Remote Desktop remotely via PowerShell, the remote computer must meet the following requirements:

  1. The WinRM service should be started;
  2. You must have administrator permissions on the remote device;
  3. Windows Defender Firewall with Advanced Security must be disabled or the rules that allow remote access through PowerShell Remoting should be enabled.

How to enable RDP on a local computer?

To enable RDP on a local computer, you need to open the “System” Control Panel item, go to the “Remote Settings” tab and enable the Allow remote connections to this computer option in the Remote Desktop section. However, this requires local access to the computer on which you want to enable RDP.

How to Enable Remote Desktop over WMI?

If you want to enable RDP on a remote computer where WinRM is disabled (for example, on a regular computer with Windows 10), you can use the WMI PowerShell command.

What does RDP on remote host mean?

This means that RDP on the remote host is enabled and you can establish a remote desktop connection using mstsc.exe, RDCMan, or any alternative RDP client.

What is the default port for remote desktop?

Hint. By default, TCP/3389 port is used for incoming Remote Desktop connections on Windows. You can change the default RDP port number through the registry using the PortNumber parameter in the reg key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp.

How to add users to remote desktop?

You can add the desired users to the Remote Desktop Users locally by using the Local Users and Groups MMC snap-in (LUSRMGR.MSC).

How to run regedit.exe?

Press the Win + R key combination and in the Run window type regedit.exe > Ok;

What Is Psexec?

Psexec Setup

  • The usual approach for getting access to PsExec is to first of all download it onto your machine (I discuss an alternative at the end of this section). On the Microsoft Docs SysInternals page click on the ‘Download PsTools’ link which will download a zip file containing all of the available PsTools, including PsExec. Extract the contents of the zip ...
See more on jonathancrozier.com

Psexec Usage

  • Now that PsExec is available on your local machine, execute the following command within your terminal (make sure your current working directory is set to the folder containing PsExec). By default, whenever you execute PsExec without specifying any command-line arguments, PsExec will display help information. I have included the terminal output below for reference. As you ca…

How It Works

  • Whenever a remote command is initiated, PsExec copies a Windows Service program named ‘PsExecSvc’ (cleverly contained within its own executable image) to the remote machine. PsExec then uses the SCM (Service Control Manager) on the remote machine (which has a remote interface) to start the service on the remote machine. When started, the PsExecSvc service open…

Security

  • Although of course, PsExec itself is not a virus, it has been used by viruses to propagate malicious programs across networks. As a result, PsExec can be reported as a virus by some anti-virus programs. Of course, viruses are merely using PsExec as a convenient way to do some things that they could implement themselves with a bit of time and effort. Much of the security concerns ar…

Summary

  • In summary, we have learned what PsExec is and how easy it is to install and use. We’ve also delved into how PsExec works behind the scenes and have considered the security implications. PsExec offers a lot of options for remotely executing programs and it can be a very useful tool in the arsenal of a Windows system administrator. I would encourage you to check out the other S…
