Windows 10 PsExec localhost

psexec \\machine -u USERNAMR -p PASSWORD -h -c -f script.bat

or just omit -p PASSWORD to securely prompt for password:

psexec \\machine -u USERNAMR -h -c -f script.bat

-h is to "run with the account's elevated token, if available". So, if you don't run your CMD with elevated privileges, no elevated token is available! There's nothing wrong with Windows. It needs either an elevated token, or elevated credentials to gain that token.

NetwOrchestration

Posted 2016-07-15T09:29:07.807

Reputation: 2 385

On the first point, I was already entering the password, so I've amended my question to reflect that.

On your second point, why does Windows not require an elevated token when running the script on a remote machine? – Franzl – 2016-07-15T11:05:28.857

What version of Windows, the command should require a UAC prompt on any version of Windows greater than 8. – Ramhound – 2016-07-15T11:38:55.457

The local and target machines are both running Windows 10. When running psexec on the local machine, from a non-elevated prompt, script.bat runs on the target machine elevated. However, this doesn't happen if the local and target machine are the same. The user is a domain account in the Administrators group on both machines. – Franzl – 2016-07-15T11:57:03.040

You are right. My guess is it needs to access \localhost\admin$ and that's an administrative share. so, because it's a local address, it tries to use the current token, instead the credentials you provided. – NetwOrchestration – 2016-07-15T12:38:32.573

@Ramhound I just tried on a system with disabled UAC and LocalAccountTokenFilterPolicy set to disabled (accesible administrative share from network) and still no luck! It's something sysinternals should fix. – NetwOrchestration – 2016-07-15T12:45:28.873

Windows 10 PsExec localhost

Answers