How to use psexec without admin privileges on target machine?

Solution 1

As found at: https://stackoverflow.com/questions/534426/psexec-help-needed

You need to have admin rights on the target, as part of what psexec does is start up a Windows service on the target, and you need admin rights to be able to do that.

psexec copies a psexecsvc file to the admin share and then using remote management starts up a service using that file. It opens up named pipes and uses that for further communication. When it's finished it tidies up after itself.

Although I can't find OFFICIAL documentation that says the same thing.
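
The sequence this answer describes (a service binary copied to the admin share, a service started from it, then named-pipe traffic) leaves a recognizable trail in Windows logs. As an added example, not part of the original answer: a Python correlation over constructed, simplified events, assuming Security event 5145 (generated when "Audit Detailed File Share" is enabled) and System event 7045 (service installed) are collected; the dict field names are this example's own.

```python
from datetime import datetime, timedelta

# Constructed sample events: simplified fields from Security 5145 (share access)
# and System 7045 (service installed). Not real log data.
EVENTS = [
    {"time": "2024-01-10T09:00:01", "host": "SRV01", "id": 5145, "user": "alice",
     "share": r"\\*\ADMIN$", "target": "PSEXESVC.exe", "src": "10.0.0.5"},
    {"time": "2024-01-10T09:00:02", "host": "SRV01", "id": 7045,
     "service": "PSEXESVC", "image": r"%SystemRoot%\PSEXESVC.exe"},
    {"time": "2024-01-10T09:00:03", "host": "SRV01", "id": 5145, "user": "alice",
     "share": r"\\*\IPC$", "target": "PSEXESVC", "src": "10.0.0.5"},
    # Unrelated noise: a text file on ADMIN$ and a service installed from elsewhere
    {"time": "2024-01-10T10:00:00", "host": "SRV02", "id": 5145, "user": "bob",
     "share": r"\\*\ADMIN$", "target": "notes.txt", "src": "10.0.0.9"},
    {"time": "2024-01-10T10:00:05", "host": "SRV02", "id": 7045,
     "service": "UpdaterSvc", "image": r"C:\Program Files\Upd\upd.exe"},
]

def is_share(ev, share):
    return ev["id"] == 5145 and ev["share"].upper().endswith(share)

def find_remote_service_exec(events, window=timedelta(seconds=60)):
    """Flag an .exe written over ADMIN$ that is installed as a service on the same
    host within `window`, and list later IPC$ pipe access from the same source.
    Matching on the file name avoids depending on one fixed service name."""
    evs = sorted(events, key=lambda e: e["time"])
    findings = []
    for drop in evs:
        if not is_share(drop, "ADMIN$"):
            continue
        name = drop["target"].rsplit("\\", 1)[-1].lower()
        if not name.endswith(".exe"):
            continue
        t0 = datetime.fromisoformat(drop["time"])
        for svc in evs:
            if svc["id"] != 7045 or svc["host"] != drop["host"]:
                continue
            delay = datetime.fromisoformat(svc["time"]) - t0
            if not (timedelta(0) <= delay <= window
                    and svc["image"].lower().endswith(name)):
                continue
            pipes = [p["target"] for p in evs
                     if is_share(p, "IPC$") and p["host"] == drop["host"]
                     and p["src"] == drop["src"] and p["time"] >= svc["time"]]
            findings.append({"host": drop["host"], "user": drop["user"],
                             "src": drop["src"], "service": svc["service"],
                             "binary": name, "pipes": pipes})
    return findings
```
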

Solution 2

Ask to be local admin on the machine.

Edit: Or run the command as a scheduled task. Or use the -l switch in PsExec: Run process as limited user (strips the Administrators group and allows only privileges assigned to the Users group). On Windows Vista the process runs with Low Integrity. See here: http://technet.microsoft.com/en-us/sysinternals/bb897553. Sorry to say but RTFM!

For example: To run Internet Explorer with limited-user privileges use this command:

psexec -l -d "c:\program files\internet explorer\iexplore.exe"

Note that the password is transmitted in clear text to the remote system.

Solution 3

Nope, not in a useful way. Why would you want to do this and not be an admin?

Solution 4

You'd probably be better off using Powershell commands:

Author: HighCommander4

Updated on September 18, 2022

Comments

  • HighCommander4
    HighCommander4 almost 2 years

    Is it possible to use psexec to execute a command on a remote machine without having admin privileges on the remote machine?

    I tried running psexec \\<machine> -u <username> -p <password>, where <username> and <password> are non-admin credentials, but I get an "access denied" error.

    I can remote desktop into the remote machine with the same credentials without any problems.

    My local machine is running Windows 7 Enterprise 64-bit, and the remote machine is running Windows Server 2008 64-bit. I do have admin privileges on the local machine.

    EDIT: To all the people who are downvoting this question: I am not trying to circumvent any sort of security measure. I can already run the process on the remote machine by remote desktop-ing into the remote machine and running it. I'm simply looking for a command-line way to do something I can already do through a GUI.

    • John Gardeniers
      John Gardeniers about 13 years
      It's a poor question because on this site we object to end users asking us how to circumvent security systems. Maybe you should have a read of this one: meta.serverfault.com/questions/1659/…, followed by a read of the FAQ.
    • HighCommander4
      HighCommander4 about 13 years
      I am not trying to circumvent any security system. I am trying to do something I can already do through a GUI, through the command-line instead, which I find more convenient. Please explain to me how that constitutes circumventing a security system.
    • Shannon Wagner
      Shannon Wagner about 12 years
      There are many times when a person who is an administrator has good reasons for finding a way to run a process without using full administrative rights. Sometimes, of course, it's not possible or not practical, but if a few tweaks to the system can make the difference between opening a system up fully vs. configuring it to be accessed using a more limited account, then it's often good to do the work needed to run under the more limited account.
    • Robert Ebers
      Robert Ebers over 10 years
      I administrate Windows, Linux and UNIX hosts in my job role and if I were to address a user's question by attacking him for asking the question I would soon be out of a job. This person is not requesting a method for circumventing administrative rights. He is asking for a method of using PSEXEC with limited rights to run a process that he already has rights to run through the GUI.
  • HighCommander4
    HighCommander4 about 13 years
    I don't have an admin account on the target machine. I only have a non-admin account, and I would like to run a process under this account, using the command-line. What is the best way to do this?
  • Safado
    Safado about 13 years
    Ask your Domain Admin to do it for you. Which shouldn't be a problem unless what you're doing is fishy, right?
  • HighCommander4
    HighCommander4 about 13 years
    Ask my Domain Admin to do what for me? I can already run the process by remote desktoping into the machine using the non-admin account, and running the process under that account, i.e. the process itself doesn't need admin privileges to run. I just want to be able to do this from the command-line rather than having to remote desktop into the machine.
  • HighCommander4
    HighCommander4 about 13 years
    To put it another way, I am simply trying to do the Windows equivalent of ssh user@machine 'mycommand -arg1 -arg2' on Linux. Note that with ssh, user does not need to have root privileges.
  • tony roth
    tony roth about 13 years
    get ssh for windows
  • HighCommander4
    HighCommander4 about 13 years
    The sysadmins won't allow this, and it shouldn't be necessary. It's not necessary on Linux.
  • HighCommander4
    HighCommander4 about 13 years
    Is it possible to install ssh on a Windows Server without admin privileges? If so, could you point me to a link? I tried OpenSSH but it seems to require admin privileges.
  • Nixphoe
    Nixphoe about 13 years
    How often do you have to run this command? Maybe set it up through Scheduled Task?
  • John Gardeniers
    John Gardeniers about 13 years
    @HighCommander4, what difference does it matter whether or not it's necessary on Linux? This is a Windows environment. Stop comparing apples to oranges.
  • HighCommander4
    HighCommander4 about 13 years
    @John: I was just explaining that I'm not trying to do anything that should require admin privileges. I have two machines, with an account on each, and I'm trying to remotely start a process on one machine from the other machine. This seems to me a very natural thing to do, and it seems absurd to require admin privileges to do it.
  • John Gardeniers
    John Gardeniers about 13 years
    @HighCommander4, what you are trying to do, which is administratively access a remote computer, DOES require admin access on Windows. While that may seem absurd to you it makes perfect sense to those who have to administer a Windows network.
  • HighCommander4
    HighCommander4 about 13 years
    @John: What is "administrative" about running a program on your own account?
  • tony roth
    tony roth about 13 years
    no you need to be admin to install ssh just as you would need elevated perms within linux to get the ssh process running. if the linux admin does not want you to run ssh then you don't get to run ssh. if the windows admin wants you to run ssh then you can.
  • Safado
    Safado about 13 years
    Have you tried any of these suggestions? serverfault.com/questions/8805/psexec-access-is-denied
  • HighCommander4
    HighCommander4 about 13 years
    @tony roth: You do not need elevated perms to run an SSH daemon on Linux. You just need elevated perms to run it on a privileged port (0-1023). You can configure both client and server to use a non-privileged port, without needing elevated perms on either machine.
  • HighCommander4
    HighCommander4 about 13 years
    I don't see how I'm trying to "go around" anything. The sysadmins want me to be able to run processes on that machine, otherwise I wouldn't be able to remote desktop into it. All I want is a way to run the process using the command-line rather than the remote desktop GUI. Now I could go bug the sysadmins about this, or I could simply find a way to do it myself. I thought a community of professional sysadmins would try to help me, not lecture me.
  • Jason Berg
    Jason Berg about 13 years
    @HighCommander - The answer is that the sysadmins must provide this ability to you. You cannot do it yourself as you do not have administrative rights on the machine. If they really approve of this, then ask them to give you the rights you need to be able to do what you need to do.
  • Guido van Brakel
    Guido van Brakel about 13 years
    PSExec is meant for administrative access. Or run the command as a scheduled task. Or use the -l switch in PsExec: Run process as limited user (strips the Administrators group and allows only privileges assigned to the Users group). On Windows Vista the process runs with Low Integrity. See here: technet.microsoft.com/en-us/sysinternals/bb897553
  • tony roth
    tony roth about 13 years
    wow that's great that your security is that screwed up, you wouldn't be able to run openssh on any of my servers no matter how hard you tried unless an admin let you do it, as in minimally the fw would block it. In reality I wouldn't care since you're totally accurate about the issue at hand, if you can log in and run a program then you should be able to execute the same app remotely! Now if you did this at my place of work you would have been fired. Hopefully your SA's don't care.
  • user9517
    user9517 over 11 years
    One sure fire way to bring yourself to the attention of the system is to post identical answers to old questions. Just dumping code without explanation isn't great either. Please update your answers with some explanation as to what the code does and how it solves the OP's problem.
  • Shyam
    Shyam over 11 years
    Ok, sometimes the PsExec even though it is installed won't invoke other exes when requested. The problem is to do with setting the EulaAccepted DWORD value to 1. I could not find a page which discusses this problem, so added here.
  • Flup
    Flup about 11 years
    This rant doesn't answer the question at all.
  • Amit Naidu
    Amit Naidu about 11 years
    Actually it does. +1