Today we’ll be talking about a utility that admins and scripting guys/gals will really like. If you have the responsibility of administering servers, or workstations, you have no doubt needed and used some of the PSTools (formerly Sysinternals), now Microsoft. These tools in general are all incredibly useful, however, one that I would like to talk about today is psexec. In a few words, psexec, allows you to run any command on a remote computer. you can see how this can be useful:
A couple of uses for that could be commands like this:
psexec \\<computername> cmd.exeThis command will open up a command prompt, remotely on the computer in question. This is useful, to navigate around directories, or even execute commands on a remote computer.
psexec \\<computername> -d -e c:\windows\system32\gpupdate /forcethis command will run a gpupdate on the target machine. Of course, putting a @computerlist.txt instead of the \\will run that command on the list of computers in the text file.
These are obviously simple examples, but imagine the possibilities with such a command.
psexec, fortunately, includes an option run the command in a particular user context, so if I want to run an interactive application (i.e: notepad) in the user context of COMPUTER\USER1 , then the psexec command will look something like this:
psexec \\<computername> -u COMPUTER\USER1 -p Password -i -d c:\windows\notepad.exe
That is all fine and dandy when two conditions are true:
- you have one computer you’re applying the command to
- you know the username AND password of the user account on the computer OR you have multiple computers to which you want to apply the command under the SAME user account and password context.
Well, what if you have 15 machines, to which you want to open notepad to whatever user is logged in to that machine? In that case, you would have to run psexec 15 times, and you would have to know the username and password of each user, these will both defeat the purpose of the command, and likely break some of your company’s security policies.
owexec will resolve the problem we mentioned above. it is essentially a port of psexec, which allows it to run in the context of the logged in user, without having to provide any additional credentials beyond the username under which to run. In the case of the example above, running owexec on 15 machines will execute notepad in the context of the logged in user. In all other cases using psexec, and not having the user’s password handy, the application will start, and perhaps in interactive mode, but alas, it will be in a different account, i.e: SYSTEM, so the user will not see the application needed.
The command line used with owexec to perform the above is as follows:
owexec -c <computername> -u COMPUTER\User1 -nowait -k c:\windows\notepad.exeOf course, you have to make sure that you are logged in with COMPUTER\User1 on the remote machine, and watch the magic happen