-
Question
-
The command below:
psexec \[hostname] -u [domain][userid] -p [password] "cmd.exe"returns error: Could not start PSEXESVC service on [hostname]: %1 is not a valid Win32 application.
I noticed that that C:Windows on [hostname] contains a «psexesvc.exe» with size 0 bytes. From what I’ve found online so far, psexec copies psexesvc. Any ideas what may be going on here?
Thanks in advance!
-
Edited by
PBrain007
Monday, June 24, 2019 9:49 PM
-
Edited by
All replies
-
Probably an antivirus or APplocker blocking the installation of the PSExecSvc…
Thanks
-mario -
Just tried again after disabling anti-virus. Still see the same behavior.
Thanks for your suggestion!
-
Is it still an installed service PSEXECSVC?
you can check with SC query and if it is uninstall it with SC delete..Did you already deleted the file from c:windows and rebooted the machine?
Thanks
-mario
-
I did these steps:
C:WindowsSystem32>sc delete psexesvc
[SC] DeleteService SUCCESSDeleted the PSExesvc under c:Windows
Rebooted the machine. Then tried psexec. Still see the same error and psexesvc file with zero bytes size
PsExec v2.2 — Execute processes remotely
Copyright (C) 2001-2016 Mark Russinovich
Sysinternals — www.sysinternals.comCould not start PSEXESVC service on
[hostname]:
%1 is not a valid Win32 application.Thank you!
-
It’s time for Process Monitor..
perform the same step as before, delete the service and reboot the machine, then start process monitor on the host where you would like to start the psexecsvc. Start to capture a trace just before running on the remote machine the psexec command.
Save the trace in pml native format saving all the events and share the trace.
Thanks
-mario -
Try manually copy PsExecsvc into C:Windows of the computer.
-
I ran into the same problem, it was because the remote system, did not have enough Disk Space, I had to access c$ (\remotesystemc$) and deleted a few files and voila! psexec started in the remote system
The PsExec tool allows you to run programs and processes on remote computers. The main advantage of PsExec is the ability to invoke the interactive command-line interface on remote computers, remotely run programs, and execute any commands (in the background, or the interactive mode).
The PsExec utility is one of the most popular programs of the PsTools package from Sysinternals. You can download it on this page (the actual version is the PsExec v2.40).
How to install PsExec on Windows?
In order to use the PsExec tool, simply download the PSTools.zip archive from Microsoft and extract the PsExec64.exe and PsExec.exe files to any folder on your computer (it is convenient to copy it to the default executable folder C:WindowsSystem32).
You can run PsExec from the command prompt or PowerShell console. To connect to a remote computer via PsExec, the following conditions must be met:
- TCP/445 (SMB) and UDP/137 (NETBIOS) ports must be open on the remote computer;
- You must have administrator credentials on the remote computer, or the user under which you are running PsExec must be added to the Administrators group on the remote computer;
- The LanmanServer and LanmanWorkstation services must be running on a computer.
You can open these ports on a remote computer using the Windows Firewall Advanced Settings (GUI) or using the commands:
netsh advfirewall firewall add rule name="SMB" dir=in action=allow protocol=TCP localport=445 netsh advfirewall firewall add rule name="NETBIOS" dir=in action=allow protocol=UDP localport=139
How to use PsExec?
The syntax for PsExec is as follows:
psexec \RemotePCName [-u username[-p password]] command [arguments]
If you did not specify the user name and password, then the remote process starts on the remote computer under your current credentials, which are used to start the PsExec process on your computer. If you need to execute commands on a remote computer under a different user account, keep in mind, that the password is sent over the network to the remote system in plain text.
When you start PsExec for the first time, you need to accept the Sysinternals License Agreement.
To prevent the graphical prompt with the license agreement from being displayed, you can add the /accepteula switch when you first start PsExec.
psexec /accepteula
As an example, we want to purge the DNS cache (with the “ipconfig /flushdns” command) on the remote computer lon-srv01. Run the command:
psexec \lon-srv01 ipconfig /flushdns
After you run this command, the PsExec copies the psexesvc.exe file to the hidden administrative folder Admin$ of the specified remote computer (C:WindowsSystem32psexesvc.exe). Then it starts the PSEXESVC service on the remote computer using the Windows API. After running PSEXESVC, a connection is established for data transfer between this service, and the PsExec process on your computer.
PsExec then sends your command to be executed on the remote computer and waits for the result. In our example, after ipconfig finishes, all the text output will be transferred to your computer, and the error code will also be returned. If the command was successful, you will see the exit code 0.
If your account doesn’t have the local administrator rights on the remote Windows host, an error will appear:
Couldn’t install PSEXESVC service:
Access Denied
When the work is completed, PsExec stops the service and automatically removes it from the remote computer.
When you run cmd.exe interactively through PsExec under a remote user, you have no way to elevate privileges (as Admin) when the UAC is enabled. To run the commands with the account’s elevated token, use the –h option. This option means that all commands will be executed in the “Run as Administrator” mode.
PsExec: run commands on remote computers
Let’s look at useful examples of using PsExec to execute commands on remote computers.
To restart the remote computer, run the following command:
psexec \lon-srv01 "cmd.exe" "/c shutdown /f /r/ /t 60"
If you need to run several commands one by one, it’s better to run the PsExec in the interactive mode on the remote computer. To do this, run the command:
psexec \lon-srv01 cmd
Now all the commands that you typed in the command prompt on your local computer, will be executed on the remote lon-srv01 computer.
To connect to a remote computer under a specific account and run an interactive shell, use the following command:
psexec.exe \lon-srv01 -u user -p password cmd.exe
You can use PsExec even to run PowerShell commands remotely. For example, the following command will return you the size of the C:PS directory on the remote computer:
psexec \lon-srv01 powershell -ExecutionPolicy RemoteSigned -command "'{0:N2}' -f ((gci C:PS | measure Length -Sum).Sum/1MB)"
Note. To run a command remotely in PowerShell, you can use the Invoke-Command cmdlet instead of PsExec.
You can use the -c parameter to specify the name of the local file that you want to copy to the remote computer and execute it there. For example:
psexec \lon-srv01 -c c:psmyapp.exe
You can use PsExec as the easiest way to remotely install software. For example, you have an installer file of a certain program (for example, setup.msi). To copy the msi file to a remote computer and install it, use the following one-liner:
psexec.exe \lon-srv01 -c setup.msi –i –s "msiexec.exe /i setup.msi"
By default, PsExec doesn’t allow to start a GUI program on the remote user’s desktop. PsExec executes commands in the hidden mode (you won’t notice any windows or dialogs on the remote computer where the commands are executed). However, you can change this with the -i option.
For example, the following PsExec command will open the notepad.exe process on the remote computer and display it on the local user’s desktop:
psexec -i \lon-srv01 notepad
PsExec will wait for a process running on a remote computer to complete. If remote users don’t close the notepad windows on their desktop, your PsExec process will wait indefinitely for it to complete. To prevent PsExec from waiting for the remote process to finish, use the -d switch:
psexec -i -d \lon-srv01 notepad
Full information about all the parameters of the PsExec can be obtained by simply entering the command psexec in the command line without parameters.
To end a remote PsExec session, type exit, and press Enter.
Using PsExec to run processes as the LOCAL SYSTEM account
PsExec has one interesting and useful feature. If you don’t specify a computer name, then the command will be executed from the local system authority by default. You can run programs under the SYSTEM account by using the -s switch. For example, run the CLI session:
psexec -s cmd
Then check which user you are currently logged on with the whoami command. As you can see, the console is started from the NTAuthoritySystem account.
Run a command on multiple remote computers with PsExec
PsExec allows you to run the command simultaneously on multiple remote computers. To do this, you can set the computer names separated by commas:
psexec \PC1,PC2,PC3,PC33 “ipconfig /all”
or save them in a text file, and then specify a path to this file:
psexec @c:pscomputer_list.txt ipconfig
If instead of the computer name you will put an asterisk (psexec \*), then the command will be executed on all computers in your domain (you can use this trick only on a domain-joined computer).
For example, the following command will copy your run.bat file to all computers listed in the text file c:pscomputer_list.txt, and execute this batch (the –h argument is used to run batch elevated):
PsExec.exe @c:pscomputer_list.txt -h -u .administrator -p $upper0P@$ -c "c:psrun.bat"
Common PsExec errors
PsExec access denied error
In some cases, you can get the following error when trying to connect a remote computer using PsExec:
Couldn’t access computername
The network path was not found
Make sure the default admin% share is enabled on computername.
Make sure the remote computer is accessible over the network via SMB (TCP port 445). You can test the connection to the remote computer using the following PowerShell command:
Test-NetConnection -ComputerName pc99 -Port 445
Check the command response. If TcpTestSucceeded is not equal to True, this means that this port is blocked by the firewall.
You can open the SMB port in Windows Defender Firewall on a remote computer by enabling the “File and Printer Sharing” rule using the following command:
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes
Make sure ADMIN% (Remote Admin) and other Windows admin shares (C$, IPC$) are published on the remote computer:
net view \pc99 /all
If the list of admin shares on the remote computer is empty, run the following command on it locally:
net share
If there are no administrative shares, you need to publish them with the command:
reg add HKLMSYSTEMCurrentControlSetServiceslanmanserverparameters /f /v AutoShareWks /t REG_DWORD /d 0
Then restart the remote computer.
Fixing the Error: “Could not start PsExec service”
In some cases, when connecting to a remote computer through PsExec, you may receive an error:
Could not start PSEXESVC service on PC:
Access is denied.
If you encountered such an error, try to use one of the following solutions:
- Make sure your user is a member of the local administrators’ group on the remote computer;
- If the username on a remote computer differs from the current security context, try to specify remote user credentials as follows:
psexec \PC1 -u PC1user1 -p adminpassword -h -i cmd
(be sure to use the –h option in your PsExec command);
- On a remote computer in the registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem try to change the parameter ‘LocalAccountTokenFilterPolicy’ value to 1. When UAC is enabled, this will allow you to run commands on a remote computer with administrator permissions;
- Try temporarily disabling Windows Firewall on the remote computer.
PsExec: logon failure
When connecting to a remote computer, the following PsExec error may appear:
PsExec could not start cmd.exe on PCName:
Logon failure: the user has not been granted the requested logon type at this computer.
In this case, you need to add the following options to your PsExec command:
PsExec.exe -i –h PCName yourcommand
PSExec error code 1
If PsExec returns “error code 1” when you run a batch file on a remote computer, you are most likely using the exit command in your bat file. Change the exit command to
exit / b 0
Such a command terminates the batch file, closes cmd.exe, and sets the return code to zero.
- Remove From My Forums
-
Вопрос
-
Hi,
I am trying to execute psexec command to remote machine.
My command is
psexec -u domainuser -p password \machineName -c abc.bat
I am trying from windows 7(64 bit) machine. The remote machines are xp and windows 7(32 and 64 bit).
In XP machines, it is working and also in some windows 7 machines. But in some windows 7 machines it give message-
«Could not start PsExec service on target machine.
Access is denied.»
If I try to execute psexec command from XP machines, it works to all machines.
Suddenly what happen I do not know but one of the windows 7 machine( where psexec was not starting) , psexec started. but not in other machines.
Now I am very much confuse here exactly what happen. and what is the issue.
Please help. It urgent.
Thanks.
Ответы
-
Hi,
When opening the Command Prompt, please right click it and run as Administrator. Meanwhile, make sure the user has administrator privileges on target PC. If the issue
persists, try to disable UAC on both sides.As far as I know the Security Level on Windows 7 is higher than the level on Windows XP. Therefore, ‘psexec’ works to all machines.
Best Regards,
Niki
Please remember to click «Mark as Answer» on the post that helps you, and to click «Unmark as Answer» if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
-
Предложено в качестве ответа
8 ноября 2011 г. 0:14
-
Помечено в качестве ответа
Niki Han
14 ноября 2011 г. 13:02
-
Предложено в качестве ответа
-
Hi,
I had exacly the same issue today, only that I had many servers (2003, 2008 nad 2008 R2)
Run command exacly as yours, from W7 SP1 and a elevated command window.
It worked on 80% of the servers but on some it didn’t work, I investigated it closer and found that all Server 2008 R2 rejected my calls in security log — with my login name from W7, not domainuser from the command.
I loged in to my workstation with domainAdministrator and now the command was acceptet by all 200 servers without any problem.
Hope this can help you in your investigation, it solved my issue.
regards.
-
Помечено в качестве ответа
Niki Han
14 ноября 2011 г. 13:01
-
Помечено в качестве ответа
If you try to «ping hflood» and obtain the IP address, you can try «c:psexec <enter IP address here> .
Was this post helpful?
thumb_up
thumb_down
Can you access the share from your PC ?
\hfloodadmin$
It could be a permissions or name resolution problem.
Make sure your an Administrator or Domain Admin for the remote machine,
or use the -u & -p options to pass the administrator login details.
Was this post helpful?
thumb_up
thumb_down
Usage: psexec [\computer[,computer2[,…] | @file][-u user [-p psswd]][-n s][-l][-s|-e][-x][-i [session]][-c [-f|-v]][-w directory][-d][-<priority>][-a n,n,… ] cmd [arguments]
| computer |
Direct PsExec to run the application on the computer or computers specified. If you omit the computer name PsExec runs the application on the local system and if you enter a computer name of «\*» PsExec runs the applications on all computers in the current domain. |
| @file |
Directs PsExec to run the command on each computer listed in the text file specified. |
| -a |
Separate processors on which the application can run with commas where 1 is the lowest numbered CPU. For example, to run the application on CPU 2 and CPU 4, enter: «-a 2,4» |
| -c |
Copy the specified program to the remote system for execution. If you omit this option then the application must be in the system’s path on the remote system. |
| -d |
Don’t wait for application to terminate. Only use this option for non-interactive applications. |
| -e |
Does not load the specified account’s profile. |
| -f |
Copy the specified program to the remote system even if the file already exists on the remote system. |
| -i |
Run the program so that it interacts with the desktop of the specified session on the remote system. If no session is specified the process runs in the console session. |
| -l |
Run process as limited user (strips the Administrators group and allows only privileges assigned to the Users group). On Windows Vista the process runs with Low Integrity. |
| -n |
Specifies timeout in seconds connecting to remote computers. |
| -p |
Specifies optional password for user name. If you omit this you will be prompted to enter a hidden password. |
| -s |
Run remote process in the System account. |
| -u |
Specifies optional user name for login to remote computer. |
| -v |
Copy the specified file only if it has a higher version number or is newer on than the one on the remote system. |
| -w |
Set the working directory of the process (relative to the remote computer). |
| -x |
Display the UI on the Winlogon desktop (local system only). |
| -priority |
Specifies -low, -belownormal, -abovenormal, -high or -realtime to run the process at a different priority. Use -background to run at low memory and I/O priority on Vista. |
| program |
Name of the program to execute. |
| arguments | Arguments to pass (note that file paths must be absolute paths on the target system) |
You can enclose applications that have spaces in their name with quotation marks e.g. «psexec \marklap «c:long nameapp.exe». Input is only passed to the remote system when you press the enter key, and typing Ctrl-C terminates the remote process.
Was this post helpful?
thumb_up
thumb_down
jonm,
c:>psexec 10.1.16.38
PsExec v1.96 — Execute processes remotely
Copyright (C) 2001-2009 Mark Russinovich
Sysinternals — www.sysinternals.com Opens a new window
PsExec could not start 10.1.16.38:
The system cannot find the file specified.
Note sure what file it’s looking for?
Wayne,
If I enter \hflood into Explorer window, I can connect, but don’t see any shares.
If I try \hfloodadmin$ is just fails?
I try the -u and -p option but maded no difference?
Thanks guys for the quick response.
Was this post helpful?
thumb_up
thumb_down
Sounds like a permission error if you cant gain access to the Admin shares.
Are you running in a domain? If so, you need to make sure you are using an domain administrative account before using this util. If you are not in a domain, enter admin credentials for that system you are connecting to and see if that helps.
Was this post helpful?
thumb_up
thumb_down
One other thing to check is the Windows Firewall on the clients… make sure you have the «Remote Administration» exception rule turned on
Was this post helpful?
thumb_up
thumb_down
psexec 10.1.16.38 wouldn’t work. You would still need to put the \ (whack whack) in front of the IP address. Otherwise it is trying to run a file called 10.1.16.38 on your local system. check your firewall like martin said. from the command line try systeminfo /s hflood and see if you get anything.
if if psexec syntax is giving you a hard time you can download
http://www.manageengine.com/products/free-windows-tools/free-windows-tools.html Opens a new window
it is a set of free management tools that allow you to open remote command prompts as well as many other things, pretty handy.
Was this post helpful?
thumb_up
thumb_down
Thanks all for the help.
It wasn’t a firewall issue, as I had it switched off.
I was using a domain admin account with -u and -p options.
What I found it that if I when into «Entire Network > MS windows network > mydomain» the hflood pc wasn’t showing up, but other servers and pc’s that did show up here, I was able to connect to with psexec.
Not exactly sure why some pc’s are not advertised, seems to be an Active Directory issue that i’m looking into.
Was this post helpful?
thumb_up
thumb_down
One thing it might be is if you clone systems, you will need to run a utility called NewSID, also from System Internals. Cloned have the same SID, which will screw up almost all things that use Active Directory.
Another think that can be happening is the old Netbios Master Browser issue. If you have multiple servers on the LAN that are not part of the same domain, they can conflict when the election process takes place. If that happens, some computers will think one server is the MB for the workgroup, and some will think the other is.
It’s an ugly problem and the official MS solution is use their DNS to find things. So now after making sure I have a clean MS DNS on my DC’s I use almost exclusively fully qualified domain names to refer to things.
As far as shares not showing up, psexec will use the currently logged in user unless you specifiy another using the -u flag. ex. -u myadminmydomain.local. If you still cannot gain access to the admin share, it may be that the remote machine is not registering with AD on startup. Make sure both machines have the IP of the DC as their first and ONLY DNS. Others will argue that you can use a second. Don’t. Let your DNS handle recursion for you.
So make sure you start up both computers in this condition. If it still fails, check AD to make sure the computer shows up in the computers section of AD and that it has the SAME NAME. Sometimes renaming a computer will not register with AD.
If all else fails, take the shotgun approach. Quit the domain (making sure you have a good local admin first DOH!) remove the computer from AD computers, and rejoin the domain again. If you still don’t see the computer in AD, you have big AD problems. Good luck with that.
Was this post helpful?
thumb_up
thumb_down
The PsExec tool allows you to run programs and processes on remote computers. The main advantage of PsExec is the ability to invoke the interactive command-line interface on remote computers, remotely run programs, and execute any commands (in the background, or the interactive mode).
The PsExec utility is one of the most popular programs of the PsTools package from Sysinternals. You can download it on this page (the actual version is the PsExec v2.40).
How to install PsExec on Windows?
In order to use the PsExec tool, simply download the PSTools.zip archive from Microsoft and extract the PsExec64.exe and PsExec.exe files to any folder on your computer (it is convenient to copy it to the default executable folder C:WindowsSystem32).
You can run PsExec from the command prompt or PowerShell console. To connect to a remote computer via PsExec, the following conditions must be met:
- TCP/445 (SMB) and UDP/137 (NETBIOS) ports must be open on the remote computer;
- You must have administrator credentials on the remote computer, or the user under which you are running PsExec must be added to the Administrators group on the remote computer;
- The LanmanServer and LanmanWorkstation services must be running on a computer.
You can open these ports on a remote computer using the Windows Firewall Advanced Settings (GUI) or using the commands:
netsh advfirewall firewall add rule name="SMB" dir=in action=allow protocol=TCP localport=445 netsh advfirewall firewall add rule name="NETBIOS" dir=in action=allow protocol=UDP localport=139
How to use PsExec?
The syntax for PsExec is as follows:
psexec RemotePCName [-u username[-p password]] command [arguments]
If you did not specify the user name and password, then the remote process starts on the remote computer under your current credentials, which are used to start the PsExec process on your computer. If you need to execute commands on a remote computer under a different user account, keep in mind, that the password is sent over the network to the remote system in plain text.
When you start PsExec for the first time, you need to accept the Sysinternals License Agreement.
To prevent the graphical prompt with the license agreement from being displayed, you can add the /accepteula switch when you first start PsExec.
psexec /accepteula
As an example, we want to purge the DNS cache (with the “ipconfig /flushdns” command) on the remote computer lon-srv01. Run the command:
psexec lon-srv01 ipconfig /flushdns
After you run this command, the PsExec copies the psexesvc.exe file to the hidden administrative folder Admin$ of the specified remote computer (C:WindowsSystem32psexesvc.exe). Then it starts the PSEXESVC service on the remote computer using the Windows API. After running PSEXESVC, a connection is established for data transfer between this service, and the PsExec process on your computer.
PsExec then sends your command to be executed on the remote computer and waits for the result. In our example, after ipconfig finishes, all the text output will be transferred to your computer, and the error code will also be returned. If the command was successful, you will see the exit code 0.
If your account doesn’t have the local administrator rights on the remote Windows host, an error will appear:
Couldn’t install PSEXESVC service:
Access Denied
When the work is completed, PsExec stops the service and automatically removes it from the remote computer.
When you run cmd.exe interactively through PsExec under a remote user, you have no way to elevate privileges (as Admin) when the UAC is enabled. To run the commands with the account’s elevated token, use the –h option. This option means that all commands will be executed in the “Run as Administrator” mode.
PsExec: run commands on remote computers
Let’s look at useful examples of using PsExec to execute commands on remote computers.
To restart the remote computer, run the following command:
psexec lon-srv01 "cmd.exe" "/c shutdown /f /r/ /t 60"
If you need to run several commands one by one, it’s better to run the PsExec in the interactive mode on the remote computer. To do this, run the command:
psexec lon-srv01 cmd
Now all the commands that you typed in the command prompt on your local computer, will be executed on the remote lon-srv01 computer.
To connect to a remote computer under a specific account and run an interactive shell, use the following command:
psexec.exe lon-srv01 -u user -p password cmd.exe
You can use PsExec even to run PowerShell commands remotely. For example, the following command will return you the size of the C:PS directory on the remote computer:
psexec lon-srv01 powershell -ExecutionPolicy RemoteSigned -command "'{0:N2}' -f ((gci C:PS | measure Length -Sum).Sum/1MB)"
Note. To run a command remotely in PowerShell, you can use the Invoke-Command cmdlet instead of PsExec.
You can use the -c parameter to specify the name of the local file that you want to copy to the remote computer and execute it there. For example:
psexec lon-srv01 -c c:psmyapp.exe
You can use PsExec as the easiest way to remotely install software. For example, you have an installer file of a certain program (for example, setup.msi). To copy the msi file to a remote computer and install it, use the following one-liner:
psexec.exe lon-srv01 -c setup.msi –i –s "msiexec.exe /i setup.msi"
By default, PsExec doesn’t allow to start a GUI program on the remote user’s desktop. PsExec executes commands in the hidden mode (you won’t notice any windows or dialogs on the remote computer where the commands are executed). However, you can change this with the -i option.
For example, the following PsExec command will open the notepad.exe process on the remote computer and display it on the local user’s desktop:
psexec -i lon-srv01 notepad
PsExec will wait for a process running on a remote computer to complete. If remote users don’t close the notepad windows on their desktop, your PsExec process will wait indefinitely for it to complete. To prevent PsExec from waiting for the remote process to finish, use the -d switch:
psexec -i -d lon-srv01 notepad
Full information about all the parameters of the PsExec can be obtained by simply entering the command psexec in the command line without parameters.
To end a remote PsExec session, type exit, and press Enter.
Using PsExec to run processes as the LOCAL SYSTEM account
PsExec has one interesting and useful feature. If you don’t specify a computer name, then the command will be executed from the local system authority by default. You can run programs under the SYSTEM account by using the -s switch. For example, run the CLI session:
psexec -s cmd
Then check which user you are currently logged on with the whoami command. As you can see, the console is started from the NTAuthoritySystem account.
Run a command on multiple remote computers with PsExec
PsExec allows you to run the command simultaneously on multiple remote computers. To do this, you can set the computer names separated by commas:
psexec PC1,PC2,PC3,PC33 “ipconfig /all”
or save them in a text file, and then specify a path to this file:
psexec @c:pscomputer_list.txt ipconfig
If instead of the computer name you will put an asterisk (psexec *), then the command will be executed on all computers in your domain (you can use this trick only on a domain-joined computer).
For example, the following command will copy your run.bat file to all computers listed in the text file c:pscomputer_list.txt, and execute this batch (the –h argument is used to run batch elevated):
PsExec.exe @c:pscomputer_list.txt -h -u .administrator -p $upper0P@$ -c "c:psrun.bat"
Common PsExec errors
PsExec access denied error
In some cases, you can get the following error when trying to connect a remote computer using PsExec:
Couldn’t access computername
The network path was not found
Make sure the default admin% share is enabled on computername.
Make sure the remote computer is accessible over the network via SMB (TCP port 445). You can test the connection to the remote computer using the following PowerShell command:
Test-NetConnection -ComputerName pc99 -Port 445
Check the command response. If TcpTestSucceeded is not equal to True, this means that this port is blocked by the firewall.
You can open the SMB port in Windows Defender Firewall on a remote computer by enabling the “File and Printer Sharing” rule using the following command:
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes
Make sure ADMIN% (Remote Admin) and other Windows admin shares (C$, IPC$) are published on the remote computer:
net view pc99 /all
If the list of admin shares on the remote computer is empty, run the following command on it locally:
net share
If there are no administrative shares, you need to publish them with the command:
reg add HKLMSYSTEMCurrentControlSetServiceslanmanserverparameters /f /v AutoShareWks /t REG_DWORD /d 0
Then restart the remote computer.
Fixing the Error: “Could not start PsExec service”
In some cases, when connecting to a remote computer through PsExec, you may receive an error:
Could not start PSEXESVC service on PC:
Access is denied.
If you encountered such an error, try to use one of the following solutions:
- Make sure your user is a member of the local administrators’ group on the remote computer;
- If the username on a remote computer differs from the current security context, try to specify remote user credentials as follows:
psexec PC1 -u PC1user1 -p adminpassword -h -i cmd
(be sure to use the –h option in your PsExec command);
- On a remote computer in the registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem try to change the parameter ‘LocalAccountTokenFilterPolicy’ value to 1. When UAC is enabled, this will allow you to run commands on a remote computer with administrator permissions;
- Try temporarily disabling Windows Firewall on the remote computer.
PsExec: logon failure
When connecting to a remote computer, the following PsExec error may appear:
PsExec could not start cmd.exe on PCName:
Logon failure: the user has not been granted the requested logon type at this computer.
In this case, you need to add the following options to your PsExec command:
PsExec.exe -i –h PCName yourcommand
PSExec error code 1
If PsExec returns “error code 1” when you run a batch file on a remote computer, you are most likely using the exit command in your bat file. Change the exit command to
exit / b 0
Such a command terminates the batch file, closes cmd.exe, and sets the return code to zero.