15

I'm trying to connect from a Win 7 machine to a Win2k8R2 machine using the command:

psexec \MACHINE_NAME_HERE -u MACHINE_NAME_HERE\Administrator -p PASSWORD_HERE notepad

When I try this I get the error message:

Couldn't access MACHINE_NAME_HERE Access is denied.

I tried omitting the -p and manually putting in the password, but the same issue persists.

When I check the machine I'm trying to access I see that in the security event viewer that the Administrator login was successful, so I know the username password is correct, and the machine is accepting my login, but I also noticed that it tries to also log in with my domain account, which isn't in the admin list on the remote machine. If I add my domain account to the remote machine then everything works, but in this case it defeats the purpose, sometimes I need to be able to run commands on the machine when it's no on the domain.

The machine is set to use the simple model for Sharing and Security as well.

Zipper
  • 403
  • 1
  • 5
  • 11
  • 1
    I think Simple File Sharing will prevent the use of the Admin$ shares which are required by psexec. Try turning off Simple File Sharing. Also try the -i switch if you're trying to have something interact with the desktop. – explunit Mar 20 '13 at 20:35

1 Answers1

30

This is because psexec still tries to access the ADMIN$ share with your local credentials, before executing your command as another user. According to this thread, you can cache credentials before executing psexec:

cmdkey.exe /add:MACHINE_NAME_HERE /user:MACHINE_NAME_HERE\Administrator /pass:PASSWORD_HERE 
psexec.exe \\MACHINE_NAME_HERE -i notepad
cmdkey.exe /delete:MACHINE_NAME_HERE

I added -i, since you specified running notepad here. Without the -i, notepad will sit idle with no interacton. Also, please remembet that, when you use -u, psexec will send the password in plaintext.

twasbrillig
  • 103
  • 5
JelmerS
  • 777
  • 6
  • 12
  • +1 This helped me today :-) – Kin Shah Sep 14 '15 at 21:24
  • The last message by Lxocram of Oct 15, 2015 in the Sysinternals thread suggests that specifying \\localhost works the issue around. I do not know the root cause, but using \\localhost worked for me. – eel ghEEz Feb 25 '16 at 01:54
  • `\\localhost` didn't solve the issue in my case (`PsExec.exe \\localhost -u B580\Admin -i -h regedit.exe`) - same error happens prepended with extra message `Couldn't access localhost:` – AntonK Oct 22 '17 at 08:16
  • Great, I just connect to ADMIN$ using local admin account and check "save password", then I can run command line psexec without username or password. – Vojtěch Dohnal May 18 '21 at 19:56