Could not connect sessionID 0 to sessionname console .bat from psexec - windows

I'm attempting to force a VM to log the current user out and send the session to the console via running a .bat script.
I can get this working if I manually run a .bat file on the VM which contains the following:
%windir%\System32\tscon.exe 0 /dest:console
However, when using psexec or paexec to call the same .bat:
c:\>psexec.exe \\virtualmachine -u domain\username -p password -h cmd /c
c:\user\atest\desktop\test.bat
I get an access denied:
Could not connect sessionID 0 to session name console, Error code 5
Error [5]:Access is denied. C:\windows\system32\tscon.exe exited on
virtualmachine with error code 1.
Alternatively, I've tried (same result):
C:\>PsExec.exe \\virtualmachine -u domain\username -p password -h
C:\windows\system32\tscon.exe 0 /dest:console
I'm not sure where I'm going wrong, because this starts iexplore.exe fine:
C:\>PsExec.exe \\virtualmachine -u domain\username -p password -h "c:\program files\internet explorer\iexplore.exe"

The problem was because the user was connected via RDP, it was not session 0. I had to run "query user" to get the session ID of the RDP connection, then pass that into PsExec using "-i" like so:
C:\>PsExec.exe -s -i $id \\virtualmachine c:\windows\system32\tscon.exe $id /dest:console
Because this is running as system (-s) I didn't need to pass in any authentication.
This answer helped me with the concept of sessions, hope it helps someone else.

I had a batch file that worked for years ending a RDP session and leaving the host screen unlocked, it had conditions for sessionid's 0 through 10 just in case. Then this week after a windows update loaded it stopped working and I kept getting 7045 errors in the results of the batch file. The RDP session would close but the host machines screen was locked. The host machine runs a message board so this was not acceptable and the machine is mounted to the ceiling so no mouse or keyboard is possible.
I searched a ton and found nothing that worked more than once if it worked at all. Then I found this by chance, and when I ran this power shell command my problem was solved. It works great so far and better yet you don't have to know the sessionID or name, or pass a password in a text or batch file.
#powershell -NoProfile -ExecutionPolicy unrestricted -Command "$sessionid=((quser $env:USERNAME | select -Skip 1) -split '\s+')[2]; tscon $sessionid /dest:console" 2> UnlockErrors.log
Just copy the script into a text file, rename it something.cmd then create a shortcut to it on the hosts desktop and go to the properties and select advanced and have it run as administrator. Easy. Works on win7 pro. I found the script here https://steamcommunity.com/groups/homestream/discussions/0/617335934139051123/?ctp=5

I also faced the same issue with the following command
Command – tscon SessionID /dest:console /password: ****
Resolution: I worked a lot and finally got to know the issue is with password. i.e. the password length should not be greater than 13 characters. But in this case password = 20 characters.
Later I changed the password to ****(12 characters) and issue got resolved.

If you are not a local administrator of the VM, you won't be able to do this. The session I was logged-in with was not a local admin, but when running the shortcut "as an administrator", I tried using another account that was a local admin (when prompted). However, this doesn't work. The account you are moving to the console session is the one you are logged-in with, but if you use a different account for the shortcut elevation, TSCON will try using that account instead.

Related

Issues using psexec -i to launch interactive app

I'm connecting to a windows machine over SSH and would like to launch a GUI app in an existing interactive session.
This should work using psexec -i, but it fails for me in various ways:
psexec -i 1 notepad.exe: notepad crashes without showing UI
psexec -i 1 cmd.exe: I get a black box the size of a cmd.exe window, it never renders. If I look at the window title with "alt-tab", it does say this is an [Administrator] process which is not what I expected.
psexec -i 1 <path to vscode>, it launches successfully but then raises a number of errors related to credential storage.
psexec -s -i 1 cmd.exe: this launches fine, but the process is running as nt authority\system, which is not what I want.
psexec -i 1 -u my_user -p my_pwd <path to vscode>: this works fine, but I can't require passwords and want to use ssh key-based auth instead.
I've seen a ton of questions/answers where it looks like '-i' works for people so I'm not sure what's going wrong here. Any ideas?
It could be due to incorrect session id.
Can you check if the session id is correct, by navigating to users tab in the task manager
Screenshot of Session ID Screen

Acces denied when using psexec

I try to use the psexec program via command line to run program on another pc connected to my local network.
What i try to accomplish?:
I want to code a program that lets user send links ( to ebay auction e.g. ) to chosen pc from local network, for that i want to use psexec as a main component.
What is my problem?:
When i try to dry use psexec ( e.g. psexec \\another-pc cmd ) i got acces denied every time i try this ( no matter what machine is target ).
What i tried?:
So far i tried to fetch login credentials in command line:
psexec \\some-pc -u someuser -p password cmd
I also tried to disable UAC on target PC with this line:
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
I think i could do that easily if i knew a passwod for -p part, but none of my pcs have passwords set, all default users are admins,
My question is, does windows set any default password for local network acces like masterkey or smth ?
I'm a bit confused on what shall i do next.
If anyone know what should i do to overcome this obstacle i would be gratefull.
To use psexec remotely you should be an admin on a remote PC. And since Windows does not allow remote connections for admins with an empty password so you'll either need to set a password for your admin user or create a new user.
BTW your question is more suitable for superuser, not stackoverflow.

PsExec works only with "runas /netonly", not with -u and -p parameters

What I mean:
If I...
run runas /netonly /user:computername\username cmd
enter the password for the local admin account "username"
then type psexec \\computername cmd
I now have a working shell and can run commands as the local admin user on the remote machine.
However, trying to run this without the runas... and instead with the username and password arguments of psexec returns an access denied error.
Example below:
psexec \\computername -u username -p password cmd
Access Denied
Note: Others seem to also have this issue. My refined questions:
Is this intended behavior?
Why even have the -u and -p?
I have also tried disabling the firewall on both my machine and the target machine, and adding the registry key listed here.
When you initiate a connection with PsExec.exe, it tries to use the credentials you are currently authenticated with to copy the PSEXESVC to the \\$machine\ADMIN$\System32 share VIA SMB, which enables the communication with your PsExec.exe and the $machine's service.
If your currently logged in user account does not have access to \\$machine\ADMIN$\System32 and the ability to install/start services, then this won't work.
I'm assuming if you have access with your user account that this would work.
Here is a very interesting article from 2004 on reverse-engineering of the original implementation. I am pretty sure it has changed in that time with Windows 7 & Windows 10.

psshutdown fails unless run from admin cmd prompt

Ok here's an interesting problem I've run into. I'm attempting to reboot some computers remotely using psshutdown and getting access denied errors unless I run the cmd from a cmd prompt that was run as admin. I myself am an admin on my machine as well as on the remote computer so my credentials should work just fine.
Example code:
psshutdown /accepteula \\COMPUTER.DOMAIN.COM -u DOMAIN\USER -p Password -r -t 0
Example output:
Could not start PsShutdown service on COMPUTER.DOMAIN.COM:
Access is denied.
However when run from admin cmd window:
COMPUTER.DOMAIN.COM is scheduled to reboot in 00:00:00.
As kludge-y as it seems, is it possible to use psexec to run psshutdown as an elevated user?
After running around in circles with this I ended up using:
runas /netonly /user:DOMAIN\USERNAME "shutdown -m \\XXX.XXX.XXX.XXX -r -f -t 0"
Which isn't ideal but got the job done.
Ok, try this. It will open an external window where you can remotely shutdown computers on your network:
shutdown -i
You can type this straight into the CMD window without needing to create a .bat file.
Hope this helps!

psexec giving the system cannot find the file specified

I'm trying to run this from my win7 CMD (as Admin):
psexec IpAddress -u domain\user -p pword c:\Autobatch\ClientJobSender.exe http://reportserver.net:8070/JobExecutor.asmx c:\AutoBatch\backup\trigger.xml
but am getting a "the system cannot find the file specified" error.
I've also tried it this way:
psexec IpAddress -u domain\user -p pword c:\Autobatch\ClientJobSender.exe http://reportserver.net:8070/JobExecutor.asmx c:\AutoBatch\backup\trigger.xml
but get a unknown user or bad password.
What's weird is that I can connect via Remote desktop with the same IP address and user/pass.
Make sure the server has the settings below:
a) Admin share is enabled: run services.msc and check the Service "Server" is enabled
b) Add the key for the share in the registry and restart:
reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /v AutoShareServer /t REG_DWORD /d 1
And then use:
psexec \\IpAddress -u domain\user -p pword -w "c:\Autobatch" "ClientJobSender.exe http://reportserver.net:8070/JobExecutor.asmx c:\AutoBatch\backup\trigger.xml"
Actually, I don't see a difference between your 2 command lines. However, the error from the first command is because your syntax is incorrect. You must use
PsExec \\a.b.c.d ...
instead of
PsExec a.b.c.d ...
I got it to work by elevating the local batch file to execute with administrator privileges, that is to say, the terminal window was operating with administrator privileges.
If you're trying to use automation services, you can use the ClientJobSender.exe on the local machine (or on the machine where you set up the scheduling). Just copy the ClientJobSender.exe and the related config file from the install pack to the scheduler server and refer it locally.
You might have the directory path wrong. Try change the .exe path into cmd.exe and cd into your intended path to see if it is actually the correct path.

Resources