What I mean:
If I...
run runas /netonly /user:computername\username cmd
enter the password for the local admin account "username"
then type psexec \\computername cmd
I now have a working shell and can run commands as the local admin user on the remote machine.
However, trying to run this without the runas... and instead with the username and password arguments of psexec returns an access denied error.
Example below:
psexec \\computername -u username -p password cmd
Access Denied
Note: Others seem to also have this issue. My refined questions:
Is this intended behavior?
Why even have the -u and -p?
I have also tried disabling the firewall on both my machine and the target machine, and adding the registry key listed here.
When you initiate a connection with PsExec.exe, it tries to use the credentials you are currently authenticated with to copy the PSEXESVC to the \\$machine\ADMIN$\System32 share VIA SMB, which enables the communication with your PsExec.exe and the $machine's service.
If your currently logged in user account does not have access to \\$machine\ADMIN$\System32 and the ability to install/start services, then this won't work.
I'm assuming if you have access with your user account that this would work.
Here is a very interesting article from 2004 on reverse-engineering of the original implementation. I am pretty sure it has changed in that time with Windows 7 & Windows 10.
Related
I try to use the psexec program via command line to run program on another pc connected to my local network.
What i try to accomplish?:
I want to code a program that lets user send links ( to ebay auction e.g. ) to chosen pc from local network, for that i want to use psexec as a main component.
What is my problem?:
When i try to dry use psexec ( e.g. psexec \\another-pc cmd ) i got acces denied every time i try this ( no matter what machine is target ).
What i tried?:
So far i tried to fetch login credentials in command line:
psexec \\some-pc -u someuser -p password cmd
I also tried to disable UAC on target PC with this line:
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
I think i could do that easily if i knew a passwod for -p part, but none of my pcs have passwords set, all default users are admins,
My question is, does windows set any default password for local network acces like masterkey or smth ?
I'm a bit confused on what shall i do next.
If anyone know what should i do to overcome this obstacle i would be gratefull.
To use psexec remotely you should be an admin on a remote PC. And since Windows does not allow remote connections for admins with an empty password so you'll either need to set a password for your admin user or create a new user.
BTW your question is more suitable for superuser, not stackoverflow.
I have an interesting dilemma with PuTTY PSFTP.
Set up...
Pageant .60
putty .60
Used command:
D:\psftp.exe -load myserver.domain.us.com -l User1 -b MyCommand Script
This loads PuTTY PSFTP, logs in using the user ID with the help of Pageant and then sends a file using commands in the script.
This works great while logged in as an Admin on the server.
It fails while logged in as a regular user on the server:
"psftp: no hostname specified;"blah blah blah.
Including -v reveals no further messages.
What possible delta could there be with permissions or other settings between a server Admin and regular user when it comes to PuTTY?
You load PuTTY stored site myserver.domain.us.com.
That is stored in Windows registry of the local account.
If you run the script using a different account, it won't see the site definition.
You have to define the session completely on command line. What you probably even attempted.
Remove the -load;
Add -ssh to make it clear you want to use SSH (but it's default anyway)
Add -hostkey=... with a fingerprint of the SSH host key (you need the latest version of PuTTY for the -hostkey switch, but you need to upgrade anyway, the version 0.60 is not secure).
D:\psftp.exe -ssh myserver.domain.us.com -hostkey=... -l User1 -b MyCommand Script
I'm trying to run runas command in Windows but it asks about password. I use system('runas /user:username cmd') but it needs entering the password manually. Is there any possibility to enter automatically this password in my ruby script? Saving password in any file is forbidden.
--edit: ReggieB suggested to add some more information.
I'm writing a fact for Puppet. We have puppet agents installed on local Administrator accounts and local Administrator can't have access to information about domain users. Because of this I decided to run cmd as domain user that can have access to domain users. The problem is that runas command needs to manually enter the password. It's impossible to do this in facts so I need some method in Ruby that will do this automatically. I need to do
system('runas /user:username cmd')
and some method that enter the password in command prompt instead of me.
I'm attempting to force a VM to log the current user out and send the session to the console via running a .bat script.
I can get this working if I manually run a .bat file on the VM which contains the following:
%windir%\System32\tscon.exe 0 /dest:console
However, when using psexec or paexec to call the same .bat:
c:\>psexec.exe \\virtualmachine -u domain\username -p password -h cmd /c
c:\user\atest\desktop\test.bat
I get an access denied:
Could not connect sessionID 0 to session name console, Error code 5
Error [5]:Access is denied. C:\windows\system32\tscon.exe exited on
virtualmachine with error code 1.
Alternatively, I've tried (same result):
C:\>PsExec.exe \\virtualmachine -u domain\username -p password -h
C:\windows\system32\tscon.exe 0 /dest:console
I'm not sure where I'm going wrong, because this starts iexplore.exe fine:
C:\>PsExec.exe \\virtualmachine -u domain\username -p password -h "c:\program files\internet explorer\iexplore.exe"
The problem was because the user was connected via RDP, it was not session 0. I had to run "query user" to get the session ID of the RDP connection, then pass that into PsExec using "-i" like so:
C:\>PsExec.exe -s -i $id \\virtualmachine c:\windows\system32\tscon.exe $id /dest:console
Because this is running as system (-s) I didn't need to pass in any authentication.
This answer helped me with the concept of sessions, hope it helps someone else.
I had a batch file that worked for years ending a RDP session and leaving the host screen unlocked, it had conditions for sessionid's 0 through 10 just in case. Then this week after a windows update loaded it stopped working and I kept getting 7045 errors in the results of the batch file. The RDP session would close but the host machines screen was locked. The host machine runs a message board so this was not acceptable and the machine is mounted to the ceiling so no mouse or keyboard is possible.
I searched a ton and found nothing that worked more than once if it worked at all. Then I found this by chance, and when I ran this power shell command my problem was solved. It works great so far and better yet you don't have to know the sessionID or name, or pass a password in a text or batch file.
#powershell -NoProfile -ExecutionPolicy unrestricted -Command "$sessionid=((quser $env:USERNAME | select -Skip 1) -split '\s+')[2]; tscon $sessionid /dest:console" 2> UnlockErrors.log
Just copy the script into a text file, rename it something.cmd then create a shortcut to it on the hosts desktop and go to the properties and select advanced and have it run as administrator. Easy. Works on win7 pro. I found the script here https://steamcommunity.com/groups/homestream/discussions/0/617335934139051123/?ctp=5
I also faced the same issue with the following command
Command – tscon SessionID /dest:console /password: ****
Resolution: I worked a lot and finally got to know the issue is with password. i.e. the password length should not be greater than 13 characters. But in this case password = 20 characters.
Later I changed the password to ****(12 characters) and issue got resolved.
If you are not a local administrator of the VM, you won't be able to do this. The session I was logged-in with was not a local admin, but when running the shortcut "as an administrator", I tried using another account that was a local admin (when prompted). However, this doesn't work. The account you are moving to the console session is the one you are logged-in with, but if you use a different account for the shortcut elevation, TSCON will try using that account instead.
Is there any single line command for Run As Different User in Windows 7.
I am using following command but then it ask for password
runas /user:USER-NAME "C:\full\path\of\Program.exe"
Is there any way to supply password also in above line ? Actually i am launching application from other application so I don't want any user interaction But in above command it ask user for PASSWORD
PsExec in the MS SysInternals suite:
psexec -user Administrator -p Passwd "xcopy a.xml \\server_over_there\c$\A.xml"
In case the local user is NOT what you need and a specific DOMAIN user is, use:
/user Username in form USER#DOMAIN or DOMAIN\USER
(USER#DOMAIN is not compatible with /netonly)