Remember that PsExec works on remote systems only if it runs within an account that has administrator group membership on the remote system. How to: become the LOCAL SYSTEM account with PsExec Sep 16, 2015 (Last updated on August 2, 2018 ) If you are an administrator using Specops Deploy , you may have had the following experience: an application can be deployed without any problems when you are trying it on your local machine but when you try to deploy it you can’t seem to get it to work. The "Run as administrator" configuration causes a conflict with context menus, such as the WinZip one pictured. Open a command prompt and navigate to the folder that you have psexec in, and type the following: psexec -i -s cmd. Have Msi doesn't run on a remote server with psexec : msiexec exit with logged in as a domain admin and have successfully installed and removed other software. How to: become the LOCAL SYSTEM account with PsExec. Hello everyone, I'm not having any issues with my computer other than some slowdown problems, I'm getting a threat indicator from some things called program psexec. Originally I used the vbscript along with PSExec to remotely run the file on each remote machine which would then shoot out a log file on the server that would then be copied to a…. exe to the other computer, and start a backup of the C:-drive to some space on your \\Server. When you start PsExec, you may notice a status line saying: Starting PSEXESVC service on ordws01. Under security options > Change user or group > Advanced > Find Now > go down and choose SYSTEM (important to make it run silently in the background). Example 2 psexec. If you have more than one computer, you can put the computer names in a text file (example: computerlist. Set proper permissions in IIS 7. Psexec has the desirable feature of allowing a password argument. exe application and open an administrative command prompt (Domain Administrator credentials) in that folder. Once downloaded to your local machine, perform the following procedure: Run a command prompt as Administrator: C:\Users\User01\Desktop>whoami /user USER INFORMATION —————-User Name SID. But I can't use those accounts as a direct login unless I run a command window as Administrator to launch PSExec to open a. You can verify that by running "echo abc > x" and then run "dir /Q" to see that the newly created file is owned by administrators. One of the reasons im trying to get this to work as we wish to turn WOL on in the BIOS on all our computers and I know psexec is something that can batch run something like this. I have the admin pass. Extract PsExec. Using PE 2. I need to run an application that will access the network - and this needs to be run as a user on the domain. Have Msi doesn't run on a remote server with psexec : msiexec exit with logged in as a domain admin and have successfully installed and removed other software. Patch Installation using PowerShell, VBScript and PSExec Posted on May 20, 2011 by Boe Prox In my current environment, I am one of many people in our shop that carry the same task as many of you. Working similar to running psexec on a list of computers (psexec @file psexec switches) or using wmic to run remote commands, remote Windows machines, without the need to install psexec or learning how to use psexec and all. Are you sure you selected "Run As This User", not "Run As"? The user name field should be disabled. I cannot use the limited user (user2) to start the remote process, since psexec requires the user be an admin in the remote computer. PsExec's ability to redirect the input and output of console applications is what makes the tool a versatile systems management utility. System Administrators would want to run some simple scripts in multiple computers. For these cases, you need to run PSExec in the context of the system account. (imported topic written by jaxon1234) Has anyone come up with a solution or a workaround to use a BigFix task and elevate (Run As Admin) a Command Prompt? I have been working on a software distribution task to upgrade an existing software installation and the batch file that installs it requires the command prompt to be elevated. If it is from the system that you are running Psexec from, you may want to determine if WMI is even enabled on your target system. It works properly without using the /u or /p options. 9 with a username of demoadmin and a password of demopass. Also I think you have misunderstood - I don't run the PSEXEC command as the user - it is run as SYSTEM (so I probably don't need the "-s" switch in there really) but is watching for a file to be dropped in a certain location by a non-admin user to run the command. We needed something that we could ship, and not finding a suitable replacement, decided to write our own. To be able to open an elevated Command Prompt window, either a) your Windows user account must already have administrator privileges, or b) you must know the password to another account on the computer that has administrator privileges. Last updated on April 4th, 2018 at 11:06 amFirst, Download PsTools from here Open the. Please see PSEXEC documentation for more details. exe - Application to start. ERROR_FUNCTION_NOT_CALLED: 1627: Function failed during execution. Using PE 2. I have LHOST set to my local IP, rhost set to the target IP, SMBUser is set to 'Administrator' and SMBPass is set with the hash. GOLD LOWELL follows a standard privilege escalation model, first gaining local administrator access. Surround any long filenames "with quotation marks" Examples :. PsExec is a light-weight telnet-replacement that lets you execute processes on other systems, complete with full interactivity for console applications, without having to manually install client software. The installation worked just fine on Windows XP and Windows 7 32-bit but failed on the 64-bit OS. Unless the system space on the local machine has rights to that share, it won't be found. Microsoft's PsExec tool (originally by SysInternal's Mark Russinovich) is a favorite of system administrators everywhere. Hi, I am attempting to use PSexec on an Essbase Server to kick off a CUBEREFRESH. 1) back to the windows PC administrator. Installing Discovery Agent [Win] in a Workgroup [using PsExec] Modified on: Mon, 30 Jan, 2017 at 8:02 PM The Freshservice Discovery Agent helps you keep track of your assets by sending details (and updates) about the machine it is installed on. Although this script is not as efficient as a full fledged SCCM or WUSA setup, but it can come handy in scenarios where the task of patching has to be done manually. The fantastic PsExec tool by Mark Russinovich from Microsoft SysInternals (not the Metasploit module) offers a -h option, which runs the specified executable on the remote system using the account's elevated token (if possible). 'Pstools: Access Denied in a Domain Environment' Date Wed 15 September 2010 Tags psexec / pstools / windows After upgrading to a windows 7 VM at work, I was having trouble getting pstools commands to authenticate on remote machines. PSExec command cannot be executed by a domain user using other remote local admin credentials. Exited REGEDIT. Its definitely not for a noob and would recommend them to use the GUI install for SharePoint which does a pretty good job as well. It is a more flexible alternative to the WMI Run Process action. JVM Started As Windows Service. PsExec was added by piotrex in Jun 2018 and the latest update was made in Jun 2018. This will get you a shell account running as SYSTEM, just like the agent does. im not sure what you mean by that; so if i run the batch script as domain admin then it will use the domain admin credentials to connect to the machine but will it change the domain password? i dont want that. When I run it immediately after the first failure, it fails. The thing is that you execute PsExec under YOUR account where EULA is accepted. Here is what the switches are doing: /d – Don’t wait for the script to finish running on each VM. With this update, the only Local account that can be leveraged for PSExec is the Relative Identifier (RID) 500 account, which is the default built-in Administrator account. Run an MSI with PSExec remotely is very simple, but most of the times people forget that we need to launc msiexec. While there are other workarounds like output redirection, sometimes it would be a lot faster and easier if you could do user impersonation in Windows, similar to sudo and su in Unix. Can i get a sample script. This library can run commands on a remote Windows host through Python. If you determine that this command does not work, then you should look at making sure you can access the target computer’s admin$ share. advanced, check “Run as Administrator. If I launch the command prompt as administrator and change the syntax of the command as follows (where username is the logged in user and password is. SCOM: Monitoring an Interactive Process and The Recovery Task. NOTE: The above are not necessary; use as desired to run a cmd prompt from the admin system on the user's. local admin pswd: password powerpoint location on both my system and target machine: c:\slideshow\slideshow. ' Here is a screenshot of the service that you'll need to change. The attacker needed at least one account with administrator privileges to run commands via PsExec. It can be a solution to impersonate yourself as local system. Figure 1 shows PsExec's command-line options and gives a hint as to its capabilities. exe, Psinfo. Current iperf3 version doesn’t officially support Windows or provide binaries. It is a more flexible alternative to the WMI Run Process action. I am executing psexec command from Windows 7 machine. What LocalAccountTokenFilterPolicy do is allow filtered adminstrators to connect, i. In such a case, if the batch file is executed by the administrator, then Elevate. exe from Windows Sysinternals. @ECHO OFF REM This Batch Script uses a For Loop command to REM run commands against multiple computers over the network. Separate processors on which the application can run with commas where 1 is the lowest numbered CPU. I am running the console as a user with rights to the local psexec path and rights to connect to connect to the remote machine (where that user is part of the admin group of the remote client). exe or the take ownership reg tweak is all I can think of. PsExec -u user -p. PsExec is a light-weight telnet-replacement that lets you execute processes on other systems, complete with full interactivity for console applications, without having to manually install client software. I have a station with Windows XP Profesional and I Can't run psexec. What is PSExec: This is a tool developed by the talented Mark Russinovich, now of Microsoft, that allows system administrators to execute programs on a remote computer, without having to have direct control of the desktop or without using a remote console. exe -i -s cmd. Note: -s Run the remote process in the System account. Unless the system space on the local machine has rights to that share, it won't be found. Use-background to run at low memory and I/O priority on Vista. Hi, I am attempting to use PSexec on an Essbase Server to kick off a CUBEREFRESH. psexec64 \\ -u - p -e -h -c < location of agent > -s -n Is there a way assign service accounts to the PSEXEC executed agent?. I used PSExec in the past to launch remote SAS Scripts. And if your OS is Win7 or higher its always advisable to start your psexec process as administrator. exe console tool from Microsoft’s Windows Sysinternals to run a program under the SYSTEM context. I am using the absolute path of the mapped drive for example E:\Agents Has anyone encountered this problem before and if so, is there anything I can do to make this work?! Thanks. Death to PsExec 3 minute read As a first technical blog post, I’ve decide to document some of the work I did to move away from PsExec in our environment. At this time the tool bypasses the majority of IPS vendor solutions unless they have been custom tuned to detect it. 1) I've been using a Win 10 computer to try and psexec to both Win Server 2012 R2 and Windows 7 computers. local admin pswd: password powerpoint location on both my system and target machine: c:\slideshow\slideshow. Introduction. Most of this stuff comes to me because I've had to fix/maintain/create stuff at my job. PsExec is part of a suite of tools from Sysinternals, which got bought by Microsoft in 2006. In order to remotely run an MSI with PSExec, located in a share, you would need to run the following command: [crayon-5db72f6ee1459148146450/] So in the example […]. psexec \\Envy -u Inferno\SteveDA -p [email protected]! -s cmd. Its definitely not for a noob and would recommend them to use the GUI install for SharePoint which does a pretty good job as well. When I run that exe locally on the remote machine (after right click --> "run as Admin") - it works fine. local admin pswd: password powerpoint location on both my system and target machine: c:\slideshow\slideshow. PSExec executes processes on a remote machine while redirecting output to your local system. psexec \\hostname cmd If remote service is established successfully (takes administrator access, etc) you get regular command prompt of fresh cmd window, except that anything you run in it will now be executed on remote computer. ERROR_INSTALL_PACKAGE_REJECTED: 1626: Function could not be executed. Ask to be local admin on the machine. PsExec can optionally create an interactive program on a user's desktop, can log output from the target program, and/or can obtain a return code. Can i get a sample script. Psexec Tools. I thought I might be able to do this by selecting the 'Run as different user' checkbox within the tool, but that did not make any difference. You may run the package with a full UI or with the /QR switch. This module uses a valid administrator username and password to execute a powershell payload using a similar technique to the "psexec" utility provided by SysInternals. I don;t know how to simulate the right click --> "run as Admin" from Psexec. It uses SMB/RPC to executable commands in a similar fashion to the popular PsExec tool. Of course, you must be an administrator on the remote system, but you can also throw a switch at PSEXEC to run as a different user (a service account, for instance). But you will likely run into situations where you really need to run your application interactively as that separate login. Download PsExec. Through the info command we can take a look at the description that reports a lot of useful informations like the list of platforms affected, reliability Rank, vulnerability disclosure date, module authors, Common Vulnerability and Exposures. the Psexec solution however is really nice, that's what i used as a base for this script. Or instead, you can use psexec to remotely enable RDP. bat" location. PsExec is part of the PsTools suite of Sysinternals. We also cover pass-the-has method to login into a remote system with the password hash. Many Windows administrative console tools can run only on a local machine. Download a redistributable package; Download and extract psexec. Java Client-side Exploitation. How psexec run ??? So when psexec is used to run something on a remote system, it works by creating a new service executable called psexesvc. No, I have not. I have been using AutoSPInstaller for years now and its amazing how the product evolved over years. Jobs failing to run on some Agents and returning an “Error: Could not find file ‘C:\MetalogixScripts\. exe -i -s cmd. I finally nailed it (see above). Surround any long filenames "with quotation marks" Examples :. In such a case, if the batch file is executed by the administrator, then Elevate. exe -accepteula. exe" "\HOSTNAME" "c:\path to\server-command. Ví dụ: psexec -d -i -low cmd. One of the reasons im trying to get this to work as we wish to turn WOL on in the BIOS on all our computers and I know psexec is something that can batch run something like this. Open an elevated CMD prompt as an administrator. exe \\%%F -u Admin -p Pass net user Admin NewPass pause its weird because if i do not include the "-p Pass" then it will ofcourse ask me for a password. exe application and open an administrative command prompt (Domain Administrator credentials) in that folder. It works properly without using the /u or /p options. exe -i -s cmd. EXE NET Framework 3. exe as administrator. An easy way to get a CMD prompt as SYSTEM is to grab PSEXEC from Microsoft Sysinternals: 1. exe; Run: PsExec. Thanks, Bill Additional testing revealed some strange behavior. Along with this, the -u and -p switches are used to specify the compromised username and password so that the file can be executed with root level privileges. Thus PRTG may not be allowed to access the Remote PC or the path. Upon trying to enable remote command execution using PSExec, I ran into an issue trying to login with a local administrator account on my remote server: Access is denied. exe for this to work. exe as administrator. Although Microsoft started disabling these built-in accounts out of the box, in my experience there are many organizations that have them enabled. One of the reasons im trying to get this to work as we wish to turn WOL on in the BIOS on all our computers and I know psexec is something that can batch run something like this. Run: PSEXEC -i -s -d CMD. Hello everyone, I'm not having any issues with my computer other than some slowdown problems, I'm getting a threat indicator from some things called program psexec. Unfortunately the application has already been built - and till now we used to run the application/reports by logging in as admin. You can do the same, if for example you’re logged in as a regular domain user (without administrtor’s priviledges) and want to elevate your priviledges as “domain admin” with “runas user:your_domain\administrator cmd”. This library can run commands on a remote Windows host through Python. PsExec's ability to redirect the input and output of console applications is what makes the tool a versatile systems management utility. Last updated on April 4th, 2018 at 11:06 amFirst, Download PsTools from here Open the. I tested this out and using ExMerge with PsExec does work. PsExec was added by piotrex in Jun 2018 and the latest update was made in Jun 2018. exe on the remote system. For these cases, you need to run PSExec in the context of the system account. Starting to push EnCase servlet agent via PSEXEC. Same for the Claim Hemant Patel / October 29, 2014 at 12:31 am. System Administrators would want to run some simple scripts in multiple computers. txt -u WORKGROUP\administrator -p password msiexec /i "\\ae-test1\msi\ManageEngineAssetExplorerAgent. In my current set up, I can now do a brute force attack on the local admin password on Bob’s server. psexec using a local admin account to a UAC enabled system February 20, 2016 in psexec Enabling the abililty to use psexec over the network when credentials are available by toggling a value in the Windows registry. You will have a new CMD prompt open, as though. Navigate to the folder where you unzipped PSEXEC. If you run it from the "runas" command prompt which has a Kerberos TGT, you don't even need to specify credentials. Its definitely not for a noob and would recommend them to use the GUI install for SharePoint which does a pretty good job as well. GOLD LOWELL follows a standard privilege escalation model, first gaining local administrator access. exe console tool from Microsoft's Windows Sysinternals to run a program under the SYSTEM context. If I run an admin PowerShell session and run the below code the task sequence runs. psexec \\Envy -u Inferno\SteveDA -p [email protected]! -s cmd. up vote 5 down vote. So if you know the risks, properly secure your computers, and use some common sense – you can enable the admin share, and enjoy the benefits of using it. @file: PsExec will execute the command on each of the computers listed in the file. Follow these instructions:. Run: PSEXEC -i -s -d CMD. Or use the -l switch in PsExec:Run process as limited user (strips the Administrators group and allows only privileges assigned to the Users group). PSExec works as advertised when connecting from WinXP to any other version of Windows. Can i get a sample script. Have Msi doesn't run on a remote server with psexec : msiexec exit with logged in as a domain admin and have successfully installed and removed other software. In c:\Users\Administrator\Desktop we find a file called root. contac t here. It just has one tiny flaw: PsExec can not be redistributed. Then I want to run a batch file with psexec on each of those computers. exe as the 'system' user, but when you try it with explorer. MSI, not starting it with a setup. Direct PsExec to run the application on the remote computer or computers specified. psexec \\pc25 ipconfig /renew […]. this starts a command prompt in Local System context and is perfect. How to Run Programs as SYSTEM (LocalSystem account) To run a program under the SYSTEM account, use one of the following tools: Using PsExec. I can run the command prompt as admin from the context menu. Right click > Properties and select Run as Admin under compatibility. I think it has been done before, although I couldnt find one that I could get to work so I have wrote a little GUI for PSExec. PSExec has a Windows Service image inside of its executable. the path to jstack must be fully qualified Use -accepteula to Suppress the display of the license dialog. This library can run commands on a remote Windows host through Python. Remember that PsExec works on remote systems only if it runs within an account that has administrator group membership on the remote system. Here are some tips that can save you from buying commercial software: 33. How would I change this to a different user, for example with domain admin permissions. If you omit the computer name, PsExec runs the application on the local system, and if you specify a wildcard (\\*), PsExec runs the command on all computers in the current domain. It's a bit like a remote access program but instead of controlling the remote computer with a mouse, commands are sent to the computer via Command Prompt. If connecting from a Windows Vista, Windows 7, or Windows 2008, the computer has to be a member of the domain and the – u and –p options are. Navigate to the folder where you unzipped PSEXEC. PAExec - The Redistributable PsExec. While Microsoft did purchase their company, the SysInternals tools remain free to use and are continually updated by their creators. Created a file list. However, I went a step further and created a generic write action module to be used as recovery task that restarts the process interactively on the console session. I'm just some regular middle-class guy born in 1972. Thus PRTG may not be allowed to access the Remote PC or the path. Working similar to running psexec on a list of computers (psexec @file psexec switches) or using wmic to run remote commands, remote Windows machines, without the need to install psexec or learning how to use psexec and all. It's possible to update the information on PsExec or report it as discontinued, duplicated or spam. exe \\COMPUTER C:\swsetup\install. at the “msf exploit (psexec)” command prompt now. psexec -s -i -d regedit in the CMD as Administrator RAN REGEDIT. exe-i - Run the program interactively-s - Run in the System account cmd. I've worked at a public state-funded university since 2008 and have a Bachelors Degree in Computer Science from same-said university circa 1997. link and download psexec. Oct 26, 2017 · However, when I try running ("c:\NaviTest\psexec. Open a command prompt (search "cmd" in the start menu search bar). Use PsExec. What LocalAccountTokenFilterPolicy do is allow filtered adminstrators to connect, i. I need to run an application that will access the network - and this needs to be run as a user on the domain. You could also have a permission problem. exe -i -s cmd. So here are my steps for the installation. however, we now want that users login to the database as a 'user' with limited privileges- but the VBA code, which is locked to run with privileges as admin. It is a more flexible alternative to the WMI Run Process action. exe replacement file browser might work. exe \\COMPUTER C:\swsetup\install. This allowed me to spawn a shell. The account I use for remote connection is an admin on that box. Please see PSEXEC documentation for more details. This installation is forbidden by system policy. CMD on a Planning Server, in order to run the refresh within an overnight batch. 1) Open cmd. PsExec's ability to redirect the input and output of console applications is what makes the tool a versatile systems management utility. The Sysinternals PsExec utility is as ubiquitous as they come in an IT admin arsenal. Another extremely useful feature of PSEXEC is the ability to run the same command for a list of systems. PSEXEC wont run locally presumabley for the same reason. This means we can upload PsExec and run it against another system using the higher privileges associated with the. Open a command prompt (search "cmd" in the start menu search bar). This means that it can be run on any host with Python and does not require any binaries to be present or a specific OS. Posted in PowerShell, pstools, Uncategorized / Tagged PowerShell, psexec / Leave a comment run psexec. exe \\target-pc net user /add USERNAME USERPASSWORD psexec. Get fast answers and downloadable apps for Splunk, the IT Search solution for Log Management, Operations, Security, and Compliance. Hi, I am attempting to use PSexec on an Essbase Server to kick off a CUBEREFRESH. Combining psexec and iperf for CLI measuring LAN bandwidth The site hosting iperf2 binaries for Windows is now gone. exe on the remote system. I cannot use the limited user (user2) to start the remote process, since psexec requires the user be an admin in the remote computer. And it is Windows XP machine. exe Example:: C:\Users\Administrator\Downloads\PSTools>PsExec. 9 with a username of demoadmin and a password of demopass. Copy the specified program to the remote system for execution. PSExec works as advertised when connecting from WinXP to any other version of Windows. Our TFS build agent runs under the NETWORK SERVICE account. Psexec has the desirable feature of allowing a password argument. exe and a txt file name COMPUTERS. exe /? for additional help and parameters. I am an old PSExec user, and although I do not find much use for it anymore now that PowerShell can do so. Run Command Prompt as an administrator (CTRL+SHIFT+ENTER or right-click>Run as Administrator) Change directory to the location where psexec was extracted (eg: cd C:\users\Administrator\downloads. This works fine, apart from some of the installs fail due to the script not running as an administrator (if I log on, right-click and select "Run as Administrator" the script runs and installs successfully. So I deleted user object 5-9 again, and went searching for a solution. We can even have commands and/or programs run under SYSTEM instead of our account privileges by utilizing the -s flag. The Admin$ share must be available and accessible. It’s a light-weight program that allows you to connect to remote machines and run software. exe, Psinfo. PsExec is a light-weight telnet replacement that lets you execute processes on remote systems. That exe creates a new local user. I run PSExec using the -u -p options, and I am able to run the command and successfully build the installers from a command prompt against the remote machine. In other words, unless the account from which you run it has administrative access to a remote system, PsExec won’t be able to execute a process on the remote system. What LocalAccountTokenFilterPolicy do is allow filtered adminstrators to connect, i. With pypsexec you can run commands of a remote Windows host like you would with PsExec. In this tutorial you will learn how to manage centrally passwords and make sure that they are different on every computer in the. This installation is forbidden by system policy. Although Microsoft started disabling these built-in accounts out of the box, in my experience there are many organizations that have them enabled. Download a redistributable package; Download and extract psexec. it looks like when launching the bat file as administrator, the working directory is different. Oct 26, 2017 · However, when I try running ("c:\NaviTest\psexec. It is a hidden SMB share that maps to the Windows directory is intended for software deployments. Jobs failing to run on an Agent machine with an “Error: The system cannot find the file specified. exe \\%%F -u Admin -p Pass net user Admin NewPass pause its weird because if i do not include the "-p Pass" then it will ofcourse ask me for a password. User Account Control (UAC) and PsExec posted Jun 8, 2014, 12:38 PM by Christopher Byrd [ updated Jun 8, 2014, 3:15 PM ] Recently I ran across a scenario where the Microsoft Sysinternals tool PsExec would not work against a Windows 7 domain-joined computer. PsExec's most powerful uses include launching interactive command-prompts on remote systems and remote-enabling tools like IpConfig. Along with this, the -u and -p switches are used to specify the compromised username and password so that the file can be executed with root level privileges. It applies to Windows 7/8 and Server 2008/2012 ( Windows 10 has a slightly different method ). The Sysinternals PsExec utility is as ubiquitous as they come in an IT admin arsenal. EX: psexec \\win2000 cmd All pipe instances are busy. exe it doesn't show up in the desktop and you can't interact with it (a security feature I think. exe replacement file browser might work. It uses SMB/RPC to executable commands in a similar fashion to the popular PsExec tool. local admin pswd: password powerpoint location on both my system and target machine: c:\slideshow\slideshow. Psexec lets you run remote commands. If you have more than one computer, you can put the computer names in a text file (example: computerlist. Open an elevated CMD prompt as an administrator. So if you know the risks, properly secure your computers, and use some common sense – you can enable the admin share, and enjoy the benefits of using it. exe /i /IACCEPTEULA hostnames:-remote. JVM Started As Windows Service. This means we can upload PsExec and run it against another system using the higher privileges associated with the. Sandboxed Code, On which server, Sandbox service will run, false means do not need to host. This tool allows administrators to remotely run commands just as if they were on the local computer. Ask to be local admin on the machine. For example, to run the application on CPU 2 and CPU 4, enter: "-a 2,4 "-c. So if you know the risks, properly secure your computers, and use some common sense – you can enable the admin share, and enjoy the benefits of using it. pstools\psexec. Exited REGEDIT. Recalling my blog of February 23 i used a PowerShell script to start a deployment of a MDT Litetouch task sequence remotely via the use of psexec. im not sure what you mean by that; so if i run the batch script as domain admin then it will use the domain admin credentials to connect to the machine but will it change the domain password? i dont want that. Open a command prompt and navigate to the folder that you have psexec in, and type the following: psexec -i -s cmd. If we run the first command, this will return delegation and impersonate tokens we can use. raw - Executes a low-down and dirty command The official documentation on the raw module. Run commands after psexec communication terminates This runs detached (dont wait for process to terminates, -d) because otherwise communication will end when firewall is turned off and psexec exits (Win 7 behaviour), stopping firewall being able to be restarted.