https://ss64.com/nt/
This site provides lots of windows nt command line tools and show how to use them with examples.
PS tools is a very important tool pack from microsoft. Here is an abstract of PSexec tool in PS tools.
Syntax
psexec \\computer[,computer[,..] [options] command
[arguments]
psexec @run_file [options] command [arguments]
Options:
computer The computer on which psexec will run command.
Default = local system
To run against all computers in the current
domain enter "\\*"
@run_file Run command on every computer listed in the
text file specified.
command Name of the program to execute
arguments Arguments to pass (file paths must be absolute
paths on the target system)
-a n,n,... Set processor affinity to n. Processors are
numbered as 1,2,3,4 etc
so to run the application on CPU 2 and
CPU 4, enter: "-a 2,4"
-c Copy the program (command)to the remote system
for execution.
-c -f Copy even if the file already exists on the
remote system.
-c -v Copy only if the file is a higher version or
is newer than the remote copy.
If you omit the -c option then the application must be
in the system path on the remote system.
-d Don’t wait for the application to terminate.
Only use for non-interactive applications.
-e Do NOT load the specified account’s profile.
(In early versions of PSEXEC: Load the user
account's profile, don’t use with -s)
-f Copy the specified program even if the file
already exists on the remote system.
-h Run with the account's elevated token, if
available. (Vista or higher)
-i Interactive - Run the program so that it
interacts with the desktop on the remote system.
If no session is specified, the process runs
in the console session.
-l Limited - Run process as limited user. Run
with Low Integrity.
Strips the Administrators group and allows only
privileges assigned to the Users group.
-n s Specify a timeout (s seconds) for connecting to
the remote computer.
-p psswd Specify a password for user (optional). Passed
as clear text.
If omitted, you will be prompted to enter a hidden
password.
-r The name of the remote service to create or
interact with.
-s Run remote process in the SYSTEM account (use
with caution).
-u user Specify a user name for login to remote computer
(optional).
-v Copy the specified file only if it has a higher
version number or is newer
than the one on the remote system.
-w directory Set the working directory of the process
(relative to the remote computer).
-x Display the UI on the Winlogon desktop (local
system only).
-low, -belownormal, -abovenormal, -high or -realtime
These options will run the process at a different
priority.
also -background (Vista and above) will run at
low memory and I/O priority.
-accepteula Suppress the display of the license dialog.
For PsExec to work, File and Printer sharing must be enabled on
the remote computer.
PsExec can also be used to start GUI applications, but in that
case the GUI will appear on the remote machine.
Input is passed to the remote system when you press the enter
key - typing Ctrl-C will terminate the remote process.
When you specify a username the remote process will execute in
that account, and will have access to that account's network
resources.
If you omit username the remote process will run in the same
account from which you execute PsExec, but because the remote
process is impersonating it will not have access to network
resources on the remote system.
If you do specify an alternative username/password, then PsExec
will send the password in clear text. This can be a security
risk if unauthorized network sniffers could intercept traffic
between the local and remote system.
PsExec does not require you to be an administrator of the local
filesystem, with the correct password psexec will allow UserA to
run commands as UserB - a Runas replacement.
If you kill a PsExec process, you might also need to manually
remove the background service:
sc.exe \\workstation64 delete psexesvc
PsExec can also be used to start a process (on a remote or local
machine) as SYSTEM, this is a very privileged account similar
to root on a UNIX machine ~ use with extreme caution.
Accept eula
When launched for the first time, PsExec will create the license
registry key:
HKCU\Software\Sysinternals\PsExec\EulaAccepted=0x01
Psexec will swallow the first "-accepteula" on the commandline,
no matter where it occurs, so when using psexec to run any
other ps* utilities, you will have to pass "-accepteula" twice:
psexec -accepteula -s c:\utils\pslist.exe -accepteula
Surround any long filenames "with quotation marks"
Error codes returned by PsExec are specific to the applications
you execute, not PsExec.
Internal commands
Internal commands (such as COPY, CD, DIR etc) are only available
within the CMD shell. To run these commands from PsExec you must
call CMD /C and then pass the commands as parameters - see the
examples below.
Examples:
Launch an interactive command prompt on \\workstation64, the CMD
prompt window will appear locally:
psexec \\workstation64 cmd
Execute a program that is already installed on the remote system:
psexec \\workstation64 "c:\Program Files\test.exe"
Connect to workstation64 and run IPCONFIG to display the remote
PC's IP address:
psexec \\workstation64 ipconfig
Connect to workstation64 and list a directory:
psexec \\workstation64 -s cmd /c dir c:\work
Connect to workstation64 and copy a file from another server:
psexec \\workstation64 -s cmd /c copy \\server21\share45\file.ext
c:\localpath
Execute IpConfig on the remote system, and display the output
locally:
psexec \\workstation64 ipconfig /all
Copy the program test.exe to the remote system and execute it
interactively, running under the account DannyGlover:
psexec \\workstation64 -c test.exe -u DannyGlover -p Pa55w0rd
Run Internet Explorer on the local machine but with limited-user
privileges:
psexec -l -d "c:\program files\internet explorer\iexplore.exe"
Run Regedit on the local machine with SYSTEM privileges:
psexec -s -i regedit.exe
From PowerShell, run a VBscript on a remote workstation and pass
some parameters:
PS C:> $script='C:\Program Files\demo.vbs'
PS C:> $args = "some more text"
PS C:> psexec -s \\workstation64 c:\windows\system32\cscript.exe
$script $args
No comments:
Post a Comment