30

Is it possible to use psexec to execute a command on a remote machine without having admin privileges on the remote machine?

I tried running `psexec \\<machine> -u <username> -p <password>`, where `<username>` and `<password>` are non-admin credentials, but I get an "access denied" error.

I can remote desktop into the remote machine with the same credentials without any problems.

My local machine is running Windows 7 Enterprise 64-bit, and the remote machine is running Windows Server 2008 64-bit. I do have admin privileges on the local machine.

EDIT: To all the people who are downvoting this question: I am not trying to circumvent any sort of security measure. I can already run the process on the remote machine by remote desktop-ing into the remote machine and running it. I'm simply looking for a command-line way to do something I can already do through a GUI.

HighCommander4
  • It's a poor question because on this site we object to end users asking us how to circumvent security systems. Maybe you should have a read of this one: http://meta.serverfault.com/questions/1659/handling-illegal-immoral-questions-and-answers, followed by a read of the FAQ. – John Gardeniers Jun 15 '11 at 03:10
  • 11
    I am **not** trying to circumvent any security system. I am trying to do something I can already do through a GUI, through the command-line instead, which I find more convenient. Please explain to me how that constitutes circumventing a security system. – HighCommander4 Jun 15 '11 at 03:29
  • 5
    There are many times when a person who is an administrator has good reasons for finding a way to run a process without using full administrative rights. Sometimes, of course, it's not possible or not practical, but if a few tweaks to the system can make the difference between opening a system up fully vs. configuring it to be accessed using a more limited account, then it's often good to do the work needed to run under the more limited account. – Shannon Wagner Jun 10 '12 at 10:25
  • 11
    I administrate Windows, Linux and UNIX hosts in my job role and if I were to address a user's question by attacking him for asking the question I would soon be out of a job. This person is not requesting a method for circumventing administrative rights. He is asking for a method of using PSEXEC with limited rights to run a process that he already has rights to run through the GUI. – Robert Ebers Mar 05 '14 at 19:52

8 Answers

28

As found at: https://stackoverflow.com/questions/534426/psexec-help-needed

You need to have admin rights on the target as part of psexec starts up a Windows service on the target, and you need admin rights to be able to do that.

psexec copies a psexecsvc file to the admin share and then using remote management starts up a service using that file. It opens up named pipes and uses that for further communication. When it's finished it tidies up after itself.

Although I can't find OFFICIAL documentation that says the same thing.

Safado
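The sequence this answer describes (service binary copied to the admin share, then a service installed and started) leaves a recognisable pair of Windows events, and a non-admin attempt shows up as a denial at the first step. The following is an added example, not part of the original answer: the records are constructed and reduced to a few fields, and the default binary name `PSEXESVC.exe`, the `outcome` field and the 60-second correlation window are assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed correlation window

# Constructed sample records (not real logs), reduced to the fields used here.
# 5145: network share access check (Security log)
# 7045: a service was installed (System log)
EVENTS = [
    {"time": "2011-06-14T22:20:01", "host": "SRV01", "id": 5145, "user": "CORP\\user1",
     "share": r"\\*\ADMIN$", "target": "PSEXESVC.exe", "outcome": "failure"},
    {"time": "2011-06-14T23:05:10", "host": "SRV01", "id": 5145, "user": "CORP\\admin1",
     "share": r"\\*\ADMIN$", "target": "PSEXESVC.exe", "outcome": "success"},
    {"time": "2011-06-14T23:05:11", "host": "SRV01", "id": 7045, "user": "CORP\\admin1",
     "service": "PSEXESVC", "image": r"%SystemRoot%\PSEXESVC.exe"},
    {"time": "2011-06-14T23:40:00", "host": "SRV02", "id": 7045, "user": "CORP\\admin1",
     "service": "BackupAgent", "image": r"C:\Program Files\Backup\agent.exe"},
]

def is_staging(ev):
    """Write attempt of the service binary to the admin share."""
    return (ev["id"] == 5145 and ev["share"].upper().endswith("ADMIN$")
            and ev["target"].lower().endswith("psexesvc.exe"))

def is_service_install(ev):
    """Service installation whose image path is the default PsExec binary."""
    return ev["id"] == 7045 and ev["image"].lower().endswith("psexesvc.exe")

def classify(events):
    """Return (host, user, verdict) tuples in time order."""
    findings, staged = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        key = (ev["host"], ev["user"])
        if is_staging(ev):
            if ev["outcome"] == "failure":
                # What a non-admin account produces: stopped at ADMIN$.
                findings.append((*key, "denied at ADMIN$"))
            else:
                staged[key] = ts
        elif is_service_install(ev):
            seen = staged.pop(key, None)
            ok = seen is not None and ts - seen <= WINDOW
            findings.append((*key, "psexec run" if ok else "service without staging"))
    return findings

if __name__ == "__main__":
    for finding in classify(EVENTS):
        print(finding)
```

Unrelated service installs (the `BackupAgent` record) produce no finding, and a service install with no matching share write inside the window is reported separately so it can be reviewed on its own.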
4

Ask to be local admin on the machine.

Edit: Or run the command as a scheduled task. Or use the `-l` switch in PsExec: Run process as limited user (strips the Administrators group and allows only privileges assigned to the Users group). On Windows Vista the process runs with Low Integrity. See here: http://technet.microsoft.com/en-us/sysinternals/bb897553. Sorry to say but RTFM!

For example: To run Internet Explorer with limited-user privileges use this command:

`psexec -l -d "c:\program files\internet explorer\iexplore.exe"`

Note that the password is transmitted in clear text to the remote system.

Guido van Brakel
  • 1
    The sysadmins won't allow this, and it shouldn't be necessary. It's not necessary on Linux. – HighCommander4 Jun 15 '11 at 01:08
  • 4
    @HighCommander4, what difference does it matter whether or not it's necessary on Linux? This is a Windows environment. Stop comparing apples to oranges. – John Gardeniers Jun 15 '11 at 02:02
  • 2
    @John: I was just explaining that I'm not trying to do anything that should require admin privileges. I have two machines, with an account on each, and I'm trying to remotely start a process on one machine from the other machine. This seems to me a very natural thing to do, and it seems absurd to require admin privileges to do it. – HighCommander4 Jun 15 '11 at 02:46
  • @HighCommander4, what you are trying to do, which is administratively access a remote computer, DOES require admin access on Windows. While that may seem absurd to you it makes perfect sense to those who have to administer a Windows network. – John Gardeniers Jun 15 '11 at 03:07
  • 5
    @John: What is "administrative" about running a program on your own account? – HighCommander4 Jun 15 '11 at 03:29
  • PSExec is meant for administrative access. Or run the command as a scheduled task. Or use the `-l` switch in PsExec: Run process as limited user (strips the Administrators group and allows only privileges assigned to the Users group). On Windows Vista the process runs with Low Integrity. See here: http://technet.microsoft.com/en-us/sysinternals/bb897553 – Guido van Brakel Jun 15 '11 at 22:00
1

Nope, not in a useful way. Why would you want to do this and not be an admin?

John Gardeniers
tony roth
  • I don't have an admin account on the target machine. I only have a non-admin account, and I would like to run a process under this account, using the command-line. What is the best way to do this? – HighCommander4 Jun 14 '11 at 22:22
  • 2
    Ask your Domain Admin to do it for you. Which shouldn't be a problem unless what you're doing is fishy, right? – Safado Jun 14 '11 at 22:25
  • 2
    Ask my Domain Admin to do what for me? I can already run the process by remote desktoping into the machine using the non-admin account, and running the process under that account, i.e. the process itself doesn't need admin privileges to run. I just want to be able to do this from the command-line rather than having to remote desktop into the machine. – HighCommander4 Jun 14 '11 at 22:33
  • To put it another way, I am simply trying to do the Windows equivalent of `ssh user@machine 'mycommand -arg1 -arg2'` on Linux. Note that with `ssh`, `user` does **not** need to have root privileges. – HighCommander4 Jun 14 '11 at 22:39
  • get ssh for windows – tony roth Jun 14 '11 at 23:09
  • 1
    Is it possible to install ssh on a Windows Server without admin privileges? If so, could you point me to a link? I tried OpenSSH but it seems to require admin privileges. – HighCommander4 Jun 15 '11 at 01:09
  • How often do you have to run this command? Maybe set it up through Scheduled Task? – Nixphoe Jun 15 '11 at 01:29
  • No, you need to be admin to install ssh, just as you would need elevated perms within Linux to get the ssh process running. If the Linux admin does not want you to run ssh then you don't get to run ssh. If the Windows admin wants you to run ssh then you can. – tony roth Jun 15 '11 at 11:22
  • Have you tried any of these suggestions? http://serverfault.com/questions/8805/psexec-access-is-denied – Safado Jun 15 '11 at 16:30
  • 1
    @tony roth: You do not need elevated perms to run an SSH daemon on Linux. You just need elevated perms to run it on a privileged port (0-1023). You can configure both client and server to use a non-privileged port, without needing elevated perms on either machine. – HighCommander4 Jun 15 '11 at 18:37
  • 2
    And in fact I have managed to set up OpenSSH on the Windows server without any admin privileges by running the SSH daemon on a non-privileged port. Go ahead and downvote me for daring to take the initiative to increase my productivity at my job without consulting the Holy Sysadmins first. – HighCommander4 Jun 15 '11 at 21:48
  • Wow, that's great that your security is that screwed up. You wouldn't be able to run openssh on any of my servers no matter how hard you tried unless an admin let you do it, as in minimally the fw would block it. In reality I wouldn't care since you're totally accurate about the issue at hand: if you can log in and run a program then you should be able to execute the same app remotely! Now if you did this at my place of work you would have been fired. Hopefully your SAs don't care. – tony roth Jun 16 '11 at 00:19
1

You'd probably be better off using PowerShell commands:

0

A solution would be to use an AutoIT script to log into your remote desktop on a schedule from your workstation. Have your "startup" folder execute your process via either a batch script or another AutoIT script (so that you can cancel if doing other work). This is not command line, but it does automate your work within the parameters that your sysadmin has given you. Hope it helps.

-1

```csharp
using System;
using Microsoft.Win32;

static class PsExecEula
{
    // Sets HKCU\Software\Sysinternals\PsExec\EulaAccepted = 1 (DWORD),
    // creating the key first if it does not exist yet.
    static void Main()
    {
        // Verbatim string: "\S" and "\P" are not valid C# escape sequences.
        const string subkey = @"Software\Sysinternals\PsExec";

        if (Environment.Is64BitOperatingSystem)
        {
            // For 64 Bit PC
            RegistryKey registryKey64 = RegistryKey.OpenBaseKey(RegistryHive.CurrentUser, RegistryView.Registry64);
            RegistryKey NDPKey64 = registryKey64.OpenSubKey(subkey);
            if (NDPKey64 != null)
            {
                Registry.CurrentUser.OpenSubKey(subkey, true).SetValue("EulaAccepted", 1, RegistryValueKind.DWord);
            }
            else
            {
                RegistryKey regKey64 = registryKey64.OpenSubKey("Software", true);
                regKey64.CreateSubKey("Sysinternals\\PsExec", RegistryKeyPermissionCheck.ReadWriteSubTree);
                Registry.CurrentUser.OpenSubKey(subkey, true).SetValue("EulaAccepted", 1, RegistryValueKind.DWord);
            }
        }
        else
        {
            // For 32 bit PC
            RegistryKey registryKey32 = Registry.CurrentUser.OpenSubKey(subkey);
            if (registryKey32 != null)
            {
                Registry.CurrentUser.OpenSubKey(subkey, true).SetValue("EulaAccepted", 1, RegistryValueKind.DWord);
            }
            else
            {
                RegistryKey regKey32 = Registry.CurrentUser.OpenSubKey("Software", true);
                regKey32.CreateSubKey("Sysinternals\\PsExec", RegistryKeyPermissionCheck.ReadWriteSubTree);
                Registry.CurrentUser.OpenSubKey(subkey, true).SetValue("EulaAccepted", 1, RegistryValueKind.DWord);
            }
        }
    }
}
```
Shyam
  • 4
    One sure fire way to bring yourself to the attention of the system is to post identical answers to old questions. Just dumping code without explanation isn't great either. Please update your answers with some explanation as to what the code does and how it solves the OP's problem. – user9517 Nov 27 '12 at 10:27
  • 1
    Ok, sometimes the PsExec, even though it is installed, won't invoke other exes when requested. The problem is to do with setting the EulaAccepted DWORD value to 1. I could not find a page which discusses this problem, so added here. – Shyam Nov 30 '12 at 10:02
-1

Why does someone not just say that it is not possible? I need to do something similar (Remote Exec a SAS Program), which I do have access to do if I RDP into that server (i.e. I have logon access to the server. I have file system access to the source code folder and I have access to run SAS).

No sysadmin in his/her right mind is going to grant me full admin rights on that box just to exec remotely. Basically PSTools is a sysadmin tool not designed to be used for the deployment of actual IT system solutions.

Kenny Rasschaert
GMT
-2

There is probably a way to do this. It's probably as simple as editing WMI permissions on the machine. If it's not possible, then using something like WinRM would definitely work.

All of that is moot for you though. You don't have admin access to the machine at all. Therefore, you cannot make any of the changes necessary to get this going. You need to work this out with your sysadmin instead of asking us to help you go around him. Remember one thing very clearly, most of us here are sysadmins and we do not like users trying to go around us. That doesn't make us very likely to help you try to go around your sysadmins.

Jason Berg
  • 2
    I don't see how I'm trying to "go around" anything. The sysadmins want me to be able to run processes on that machine, otherwise I wouldn't be able to remote desktop into it. All I want is a way to run the process using the command-line rather than the remote desktop GUI. Now I could go bug the sysadmins about this, or I could simply find a way to do it myself. I thought a community of professional sysadmins would try to help me, not lecture me. – HighCommander4 Jun 15 '11 at 18:40
  • @HighCommander - The answer is that the sysadmins must provide this ability to you. You cannot do it yourself as you do not have administrative rights on the machine. If they really approve of this, then ask them to give you the rights you need to be able to do what you need to do. – Jason Berg Jun 15 '11 at 18:48