PsTools Part 2: PsExec

PsExec is an application within the PsTools suite that allows you to execute other applications locally and remotely. As always, you must have the WMI/RPC port (135) open on remote hosts.

The ability to execute the same application on many computers simultaneously has its advantages in network administration and classroom computer lab administration.

Here is the usage from the Microsoft website:

psexec [\\computer[,computer2[,...] | @file][-u user [-p psswd]][-n s][-l][-s|-e][-x][-i [session]][-c [-f|-v]][-w directory][-d][-][-a n,n,...] cmd [arguments]
From this usage we can do something simple, such as sending a reboot command to a computer:
psexec \\myfileserver shutdown -r -t 0
Notice that the arguments after the shutdown command apply only to the shutdown command on the remote computer and not to psexec. To send this command to a long list of servers, it could look like this:
psexec @serverlist.txt shutdown -r -t 0
Now using the -i flag, we can have our remotely launched application interact with the desktop. In a server administration setting, this is rarely useful for more than pulling pranks on your coworkers; however in a classroom lab environment, it might be useful to open a web page on every computer in the lab:
psexec @mylabPCs.txt -i iexplore http://netadmin4noobs.blogspot.com
But... there's a problem with that. Because the iexplore application won't end until someone at the workstation closes it, you must add the -d flag so psexec does not wait for the application to end:
psexec @mylabPCs.txt -i -d iexplore http://netadmin4noobs.blogspot.com

The flags -c, -f, and -v I can only see being used for either rare occasions or for custom scripts which are regularly updated. In that case you must use the -v flag. Use your common sense.

With PsExec, as well as the other applications in the PsTools suite, you can specify the username and password within the command (-u for username and -p for password), but I think you are adding an avoidable security risk. It would be best to run PsExec with an account that has administrative access on the remote machine. If you are in a situation where you must specify username and password (i.e. a host which is not attached to an Active Directory domain so you're using a local account), it's a good idea to precede the username with the machine name. For a scenario where the username is administrator and the remote host is pc12345, it would look like this:
psexec \\pc12345 -u pc12345\administrator -p password
This way you are telling the computer where to look to authenticate the credentials.
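
As an added example (not from the original post or from Sysinternals), the Python sketch below audits process command lines for PsExec runs that pass a password with -p. It follows the usage line quoted above to separate PsExec's own options from the remote command's arguments; the sample lines, the tool.exe command and the function names are constructed for illustration.

```python
import re

# Constructed samples: three commands from the post, plus a made-up remote command with its own -p.
SAMPLES = [
    r"psexec \\myfileserver shutdown -r -t 0",
    r"psexec @mylabPCs.txt -i -d iexplore http://netadmin4noobs.blogspot.com",
    r"psexec \\pc12345 -u pc12345\administrator -p password",
    r"psexec \\labpc01 -d tool.exe -p 8080",
]
PSEXEC = re.compile(r"(?i)(.*\\)?psexec(64)?(\.exe)?")
TAKES_VALUE = {"-u", "-p", "-n", "-w", "-a"}  # options followed by a value in the usage line

def audit_psexec(cmdline):
    """Parse one command line; return a finding dict, or None if it is not psexec."""
    tokens = cmdline.split()  # assumption: no quoted arguments containing spaces
    if not tokens or not PSEXEC.fullmatch(tokens[0]):
        return None
    finding = {"targets": None, "user": None, "inline_password": False, "remote_cmd": None}
    redacted, i = [tokens[0]], 1
    while i < len(tokens):
        tok, low = tokens[i], tokens[i].lower()
        nxt = tokens[i + 1] if i + 1 < len(tokens) else None
        if nxt is not None and (low in TAKES_VALUE or (low == "-i" and nxt.isdigit())):
            if low == "-u":
                finding["user"] = nxt
            elif low == "-p":
                finding["inline_password"], nxt = True, "<redacted>"
            redacted += [tok, nxt]
            i += 2
            continue
        if tok.startswith("\\\\") or tok.startswith("@"):
            finding["targets"] = tok
        elif not tok.startswith("-"):
            # First bare token is the remote command; everything after it is its own.
            finding["remote_cmd"] = " ".join(tokens[i:])
            redacted += tokens[i:]
            break
        redacted.append(tok)
        i += 1
    finding["redacted"] = " ".join(redacted)
    return finding

def flagged(lines):
    """Redacted command lines of psexec runs that passed a password with -p."""
    findings = [audit_psexec(line) for line in lines]
    return [f["redacted"] for f in findings if f and f["inline_password"]]

if __name__ == "__main__":
    print("\n".join(flagged(SAMPLES)))
```

PsExec prompts for the password when -u is given without -p, which keeps it out of command-line logs and shell history.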

The rest of the flags are either pretty self-explanatory or ones you shouldn't use. But if you have questions, feel free to comment and I will respond.
