How to use psexec to start installation or other task that requires UAC interaction?
Solution 1
You need to use the -u option and specify an account that has local admin access to that machine (a local account, domain admin account etc)
-u Specifies optional user name for login to remote computer.
For example
psexec \\pc999.myDomain.loc -u pc999\Administrator <your exe
>
Solution 2
The -h parameter is key here: without it, psexec does not not execute the command with UAC elevated privileges on Windows Vista and above:
C:\Users\merickson>psexec /? PsExec v1.97 - Execute processes remotely Copyright (C) 2001-2009 Mark Russinovich Sysinternals - www.sysinternals.com PsExec executes a program on a remote system, where remotely executed console applications execute interactively. Usage: psexec [\\computer[,computer2[,...] | @file]][-u user [-p psswd] [-n s][-l][-s|-e][x][-i [session]][-c [-f|-v]][-w directory][-d][-<priority>] [-a n,n,...] cmd [arguments] ... -h If the target system is Vista or higher, has the process run with the account's elevated token, if available. ...
(edit: added evidence of -h switch's existence, per comment below)
Solution 3
psexec \<remote IP> -u user -p password -h netsh advfi
rewall firewall add rule name="AllowRDP " dir=in action=allow protocol=TCP local
port=3389
Solution 4
Apparently my process was being blocked not because psexec was ignoring the provided login.
Not sure why, but using Vista as a client machine the credentials passed with -u and -p parameters weren't actually being used to login to the server (figured out using event viewer on the server). Instead, it was always the logged in user that was being used. Apparently this is what happens when both machines are in the same domain.
Had to open the credentials manager (Control Panel > User Accounts > Manage your network passwords) and create a new set for the target machine with the user I wanted to use for psexec.
Related videos on Youtube
VerticalGrain
Software Engineer currently working at OutSystems with a passion for coding and camping.
Updated on September 17, 2022Comments
-
VerticalGrain almost 2 years
I'm trying to remotely start installations and I'd like not to disable UAC. If I start the processes remotely using psexec, the installer will just get stalled waiting for the UAC prompt. Other tasks such as temporary files cleaning, services restarting, etc, will get me Access Denied errors. Is there anyway psexec can walk around UAC such as logging in with Administrator but with the TrustedInstaller privileges or something like that?
By the way, I'm targeting Windows 2008 R2, but I think this question applies to Vista, 2008 and Windows 7 as well.
-
Hecter about 14 yearsIt is also necessary to use the -h parameter in order to bypass UAC.
-
John Röthlisberger about 14 yearsCheers Miles! I downloaded the 1.97 and sure enough it has the -h flag -- the website doesn't mention it which is why I made the original comment.
-
Ed Sykes over 13 yearsFurthermore, once you have the credentials in the vault, you don't need to give the credentials to psexec. It doesn't hurt to give the credentials though.