Acces denied when using psexec - cmd

I try to use the psexec program via command line to run program on another pc connected to my local network.
What i try to accomplish?:
I want to code a program that lets user send links ( to ebay auction e.g. ) to chosen pc from local network, for that i want to use psexec as a main component.
What is my problem?:
When i try to dry use psexec ( e.g. psexec \\another-pc cmd ) i got acces denied every time i try this ( no matter what machine is target ).
What i tried?:
So far i tried to fetch login credentials in command line:
psexec \\some-pc -u someuser -p password cmd
I also tried to disable UAC on target PC with this line:
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
I think i could do that easily if i knew a passwod for -p part, but none of my pcs have passwords set, all default users are admins,
My question is, does windows set any default password for local network acces like masterkey or smth ?
I'm a bit confused on what shall i do next.
If anyone know what should i do to overcome this obstacle i would be gratefull.

To use psexec remotely you should be an admin on a remote PC. And since Windows does not allow remote connections for admins with an empty password so you'll either need to set a password for your admin user or create a new user.
BTW your question is more suitable for superuser, not stackoverflow.

Related

Batch command tasklist for remote computer

i'm trying to use tasklist command in cmd.exe for list all processes on my remote Windows 10 PC (which is in my home and connected on the same network as my main computer).
But when I type in cmd.exe from my main computer tasklist /s <his IP> /u Lucas /p <Lucas's password> it shows me Error : Incorrect user or password but user Lucas is the local admin for this remote PC and I'm 100% sure it's the right password, I really don't understand.
I have tried to disable firewall for private network, without success.
I have tried to add an exception in the firewall for port 135 (TCP), without success.
Ping command works fine.
I hope you can help me.
Regards.
Solved my problem by doing powershell Invoke-Command -ComputerName <ip of the remote computer> -Credential <his_name>\PC_Guest -ScriptBlock {Get-Process}
with <his_name> the name of the remote PC.
For the explanations PC_Guest was the old name of the admin account that I renamed to Lucas and I think that when we rename administrators accounts, Windows not change completely the name in permissions system, so that is why I had Access Denied or Unknown user or password errors with user Lucas.
Thanks #lit for your answer.

PsExec works only with "runas /netonly", not with -u and -p parameters

What I mean:
If I...
run runas /netonly /user:computername\username cmd
enter the password for the local admin account "username"
then type psexec \\computername cmd
I now have a working shell and can run commands as the local admin user on the remote machine.
However, trying to run this without the runas... and instead with the username and password arguments of psexec returns an access denied error.
Example below:
psexec \\computername -u username -p password cmd
Access Denied
Note: Others seem to also have this issue. My refined questions:
Is this intended behavior?
Why even have the -u and -p?
I have also tried disabling the firewall on both my machine and the target machine, and adding the registry key listed here.
When you initiate a connection with PsExec.exe, it tries to use the credentials you are currently authenticated with to copy the PSEXESVC to the \\$machine\ADMIN$\System32 share VIA SMB, which enables the communication with your PsExec.exe and the $machine's service.
If your currently logged in user account does not have access to \\$machine\ADMIN$\System32 and the ability to install/start services, then this won't work.
I'm assuming if you have access with your user account that this would work.
Here is a very interesting article from 2004 on reverse-engineering of the original implementation. I am pretty sure it has changed in that time with Windows 7 & Windows 10.

Could not connect sessionID 0 to sessionname console .bat from psexec

I'm attempting to force a VM to log the current user out and send the session to the console via running a .bat script.
I can get this working if I manually run a .bat file on the VM which contains the following:
%windir%\System32\tscon.exe 0 /dest:console
However, when using psexec or paexec to call the same .bat:
c:\>psexec.exe \\virtualmachine -u domain\username -p password -h cmd /c
c:\user\atest\desktop\test.bat
I get an access denied:
Could not connect sessionID 0 to session name console, Error code 5
Error [5]:Access is denied. C:\windows\system32\tscon.exe exited on
virtualmachine with error code 1.
Alternatively, I've tried (same result):
C:\>PsExec.exe \\virtualmachine -u domain\username -p password -h
C:\windows\system32\tscon.exe 0 /dest:console
I'm not sure where I'm going wrong, because this starts iexplore.exe fine:
C:\>PsExec.exe \\virtualmachine -u domain\username -p password -h "c:\program files\internet explorer\iexplore.exe"
The problem was because the user was connected via RDP, it was not session 0. I had to run "query user" to get the session ID of the RDP connection, then pass that into PsExec using "-i" like so:
C:\>PsExec.exe -s -i $id \\virtualmachine c:\windows\system32\tscon.exe $id /dest:console
Because this is running as system (-s) I didn't need to pass in any authentication.
This answer helped me with the concept of sessions, hope it helps someone else.
I had a batch file that worked for years ending a RDP session and leaving the host screen unlocked, it had conditions for sessionid's 0 through 10 just in case. Then this week after a windows update loaded it stopped working and I kept getting 7045 errors in the results of the batch file. The RDP session would close but the host machines screen was locked. The host machine runs a message board so this was not acceptable and the machine is mounted to the ceiling so no mouse or keyboard is possible.
I searched a ton and found nothing that worked more than once if it worked at all. Then I found this by chance, and when I ran this power shell command my problem was solved. It works great so far and better yet you don't have to know the sessionID or name, or pass a password in a text or batch file.
#powershell -NoProfile -ExecutionPolicy unrestricted -Command "$sessionid=((quser $env:USERNAME | select -Skip 1) -split '\s+')[2]; tscon $sessionid /dest:console" 2> UnlockErrors.log
Just copy the script into a text file, rename it something.cmd then create a shortcut to it on the hosts desktop and go to the properties and select advanced and have it run as administrator. Easy. Works on win7 pro. I found the script here https://steamcommunity.com/groups/homestream/discussions/0/617335934139051123/?ctp=5
I also faced the same issue with the following command
Command – tscon SessionID /dest:console /password: ****
Resolution: I worked a lot and finally got to know the issue is with password. i.e. the password length should not be greater than 13 characters. But in this case password = 20 characters.
Later I changed the password to ****(12 characters) and issue got resolved.
If you are not a local administrator of the VM, you won't be able to do this. The session I was logged-in with was not a local admin, but when running the shortcut "as an administrator", I tried using another account that was a local admin (when prompted). However, this doesn't work. The account you are moving to the console session is the one you are logged-in with, but if you use a different account for the shortcut elevation, TSCON will try using that account instead.

Can't force psexec to use the given user account

I used to use runas for running my app under another user account. Now I need to pass the password through as well. I found that psexec is an easy way to do it.
So the batch file contains:
#echo off
psexec my.exe -u hostname\user -p password
The problem is my.exe is still being initiated under the user I'm currently logged onto the system with and not under the one declared in the cmd above.
the program must be the last argument
try this :
psexec -u hostname\user -p password my.exe

psexec giving the system cannot find the file specified

I'm trying to run this from my win7 CMD (as Admin):
psexec IpAddress -u domain\user -p pword c:\Autobatch\ClientJobSender.exe http://reportserver.net:8070/JobExecutor.asmx c:\AutoBatch\backup\trigger.xml
but am getting a "the system cannot find the file specified" error.
I've also tried it this way:
psexec IpAddress -u domain\user -p pword c:\Autobatch\ClientJobSender.exe http://reportserver.net:8070/JobExecutor.asmx c:\AutoBatch\backup\trigger.xml
but get a unknown user or bad password.
What's weird is that I can connect via Remote desktop with the same IP address and user/pass.
Make sure the server has the settings below:
a) Admin share is enabled: run services.msc and check the Service "Server" is enabled
b) Add the key for the share in the registry and restart:
reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /v AutoShareServer /t REG_DWORD /d 1
And then use:
psexec \\IpAddress -u domain\user -p pword -w "c:\Autobatch" "ClientJobSender.exe http://reportserver.net:8070/JobExecutor.asmx c:\AutoBatch\backup\trigger.xml"
Actually, I don't see a difference between your 2 command lines. However, the error from the first command is because your syntax is incorrect. You must use
PsExec \\a.b.c.d ...
instead of
PsExec a.b.c.d ...
I got it to work by elevating the local batch file to execute with administrator privileges, that is to say, the terminal window was operating with administrator privileges.
If you're trying to use automation services, you can use the ClientJobSender.exe on the local machine (or on the machine where you set up the scheduling). Just copy the ClientJobSender.exe and the related config file from the install pack to the scheduler server and refer it locally.
You might have the directory path wrong. Try change the .exe path into cmd.exe and cd into your intended path to see if it is actually the correct path.

Resources