PsExec: Run Commands On Remote Computers

PsExec is a small program that enables IT administrators to run commands and processes on remote computers.

In this guide, you will learn how to use PsExec to run commands, kill processes, install software, restart services, and more on remote computers.

Let’s get started.

PsExec Requirements

The remote computer must meet the following requirements:

• Port TCP/445 open
• Port UDP/137 open
• Credentials to the remote computer (domain or local credentials will work).
• Remote Service Management (RPC) Open – This is not required but PsExec runs extremely slow if the firewall is enabled and this service is blocked.

Video Tutorial

If you don’t like videos then continue reading the details below.

Secure PsExec With The Windows Firewall

I highly recommend you lock down the use of PsExec to run from authorized computers, such as your laptop or a secure workstation. If you don’t lock it down an attacker with compromised credentials can easily run commands and processes on remote computers in your network.

Here are the steps to allow and secure PsExec.

Step 1: Enable Windows Firewall

First, you need to have the Windows Firewall enabled. Sometimes organizations disable this for convenience reasons and that is a huge mistake. If you have a lot of computers to manage, you can use group policy to manage the firewall settings.

Make sure it is enabled for all profiles (domain, private, public).

Step 2: Allow PsExec Ports In Windows Firewall

PsExec requires ports tcp/445 and udp/137 to be open on the remote computer. Below is the PowerShell Command to enable this for the domain profile.

Here is the command to enable TCP/445.

New-NetFirewallRule -DisplayName 'TCP/445' -Profile @('Domain') -Direction Inbound -Action Allow -Protocol TCP -LocalPort @('445') -RemoteAddress 192.168.100.10

Here is the command to enable UDP/137.

New-NetFirewallRule -DisplayName 'UDP/137' -Profile @('Domain') -Direction Inbound -Action Allow -Protocol UDP -LocalPort @('137') -RemoteAddress 192.168.100.10

In the GUI the Remote IP address settings are on the scope tab.

Step 3: Allow Remote Service Management (Optional)

This is not required but PsExec will run extremely slow when this service is blocked. I also use the -RemoteAddress option to limit which IP addresses can connect to the remote computer.

Set-NetFirewallRule -DisplayGroup “Remote Service Management” -Enabled True -Profile domain -RemoteAddress "192.168.100.10"

How to Install PsExec

In this section, I’ll walk through installing PsExec on my local computer.

Step 1: Download PsExec

PsExec is part of the PsTools package provided by Microsoft.

You can download it here.

Step 2: Extract The Download

Unzip the downloaded file (PSTools.zip) and copy it to a path on your hard drive. I’ve copied it to the root of c: (Example c:\pstools).

Step 3: Test Psexec

Let’s test the installation to make sure PsExec is working.

Open the windows command prompt and switch to the pstools directory, then type psexec and press enter. You should see PsExec return the version and command syntax.

In the screenshot below you can see I changed to the “c:\pstools” directory to run the psexec command.

Typing psexec is also a quick way to see the syntax and command line options.

PsExec Examples

Using PsExec is very easy to use, the basic syntaxis is:

psexec \\remotecomputer command [arguments]

Example 1: Run Command on a Remote Computer

Use the command below to run a command on a single remote computer.

psexec \\pc1 ipconfig

In this example, I’m running the ipconfig command on remote computer PC1.

Example 2: Run Command on Multiple Computers

To run PsExec on multiple computers just separate the computers with a comma. Here I’m running ipconfig on pc1 and srv-vm1.

psexec \\pc1,srv-vm1 ipconfig

Example 3: Specify Username and Password

To connect to a remote computer using a specific username and password use this command:

psexec \\pc1 -u user -p password ipconfig

Example 4: Kill Process on a Remote Computer

To kill a process on a remote computer use the commands below.

You first need to get the process PID, this can be done with the tasklist command.

psexec \\pc1 tasklist

Find the process PID number then use taskkill to kill the process.

psexec \\pc1 taskkill /pid 2892 /f

Example 5: Install Software

In this example, I’m installing 7zip on the remote computer PC1. The installation file has been copied to the remote computer. You can also use the -c option to copy a file and execute it.

psexec \\pc1 msiexec.exe /i "c:\it\7z2201-x64.msi"

Example 6: Restart Remote Computer

Use this command to restart a remote computer. Here I’m saying to reboot pc1 in 60 seconds.

psexec \\pc1 shutdown /r /t 60

The remote computer will get a pop up message that the computer will reboot.

Example 7: Delete a File

This command will delete the file users.txt from the remote computer.

psexec \\pc1 cmd /c del /f c:\it\users.txt

Example 8: Restart Printer Spooler

In this example, I will stop and start the spooler service on a remote computer

psexec \\pc1 net stop spooler

To start the spooler service use this command.

psexec \\pc1 net start spooler

Example 9. Copy and Run a Batch File

The -c option will copy a specified file to a remote computer and execute it.

psexec \\pc1 -c pcinfo.bat

Example 10. Open Command Prompt on Remote Computer

This example will open the command prompt on the remote computer, you can then run whatever command line you need.

psexec \\pc1 cmd

You can see below I open cmd and run multiple commands that all execute on the remote computer. This can be very useful for IT administrators when troubleshooting computer issues and you need a quick way to execute commands on remote computers.

Example 11: Open a Program

If you want to open a program on the remote computer use the -i option. The -i option runs the program so that it interacts with the desktop. For example, use this command to open notepad.exe on a remote computer.

psexec \\pc1 -i notepad

That is it for this guide, post your feedback in the comments below.

Next, check out my list of the 50 most useful windows commands.