Running commands on Windows machine remotely from other machine using psexec
From Notes_Wiki
To remotely control a Windows machine from another Windows machine, we can use the psexec utility, which allows executing commands remotely. To use psexec, follow these steps:
- Download psexec from https://technet.microsoft.com/en-us/sysinternals/pxexec.aspx?f=255&MSPPError=-2147217396 and extract the resulting zip file, which contains many tools, including psexec.
- On the remote computer, do the following:
  - Disable the firewall only for traffic from the psexec computer. This is better than disabling Windows Firewall completely. To disable the firewall for a given host, go to Control Panel ->
    - Add a custom rule that allows all applications and all protocols to any local address from the given remote address or subnet, as appropriate.
  - Add the Windows registry key for remote authentication by starting 'regedit':
    - Go to HKEY_LOCAL_MACHINE -> Software -> Microsoft -> Windows -> CurrentVersion -> Policies -> System.
    - Add a REG_DWORD (32-bit) value named LocalAccountTokenFilterPolicy and set its value to 1.
- From the psexec computer, try getting a remote cmd using:
  - psexec \\<remote-ip> "cmd.exe"
  - Strangely, things might work without any authentication. This is why adding an exception only for a certain IP is better than disabling the firewall altogether.
- An example command to shut down the machine remotely is:
  - psexec \\<remote-ip> "cmd.exe" "/c shutdown /s"
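The remote-computer steps above, scripted so that the firewall exception is tied to a single source address and can be checked and rolled back. This is an added example, not part of the original wiki page; the rule name psexec-admin-host, the script name Set-PsexecAccess.ps1 and the address 192.0.2.10 are assumptions made for illustration.

```powershell
# Added example: run from an elevated PowerShell prompt on the remote computer.
# Uses netsh and the registry provider so it also works on PowerShell 2.0 (Windows 7).
# Usage (assumed script name): .\Set-PsexecAccess.ps1 -Action Enable -RemoteAddress 192.0.2.10
param(
    [Parameter(Mandatory = $true)][ValidateSet('Enable', 'Disable', 'Status')]
    [string]$Action,
    [string]$RemoteAddress   # IPv4 address or subnet of the psexec computer
)

$RuleName  = 'psexec-admin-host'   # hypothetical rule name chosen for this example
$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$ValueName = 'LocalAccountTokenFilterPolicy'

# Changing firewall rules and HKLM needs an elevated session; Status does not.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
$isAdmin   = (New-Object Security.Principal.WindowsPrincipal $identity).IsInRole($adminRole)
if (-not $isAdmin -and $Action -ne 'Status') { throw 'Run from an elevated prompt.' }

switch ($Action) {
    'Enable' {
        # Accept one IPv4 address or CIDR subnet only, never "any".
        if ($RemoteAddress -notmatch '^\d{1,3}(\.\d{1,3}){3}(/\d{1,2})?$') {
            throw 'RemoteAddress must be an IPv4 address or subnet, e.g. 192.0.2.10'
        }
        # Remove an older copy of the rule so repeated runs do not stack rules.
        netsh advfirewall firewall delete rule name="$RuleName" | Out-Null
        netsh advfirewall firewall add rule name="$RuleName" dir=in action=allow `
            protocol=any remoteip=$RemoteAddress | Out-Null
        if ($LASTEXITCODE -ne 0) { throw 'netsh could not add the firewall rule.' }
        New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord `
            -Value 1 -Force | Out-Null
    }
    'Disable' {
        # Roll back both changes made by Enable.
        netsh advfirewall firewall delete rule name="$RuleName" | Out-Null
        Remove-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    }
    'Status' {
        # Show the rule (if present) and the current registry value.
        netsh advfirewall firewall show rule name="$RuleName"
        $p = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
        if ($p) { "$ValueName = $($p.$ValueName)" } else { "$ValueName is not set" }
    }
}
```

While the value is 1, UAC remote restrictions are off for local accounts, so a local administrator connecting over the network receives a full administrative token; run the Disable action once remote administration is no longer needed.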