Remote Process Execution using PowerShell and PSExec

Disclaimer:
This article suggests to use in your business „push” communication technique, that is not the best practices in asking for feedback.

 

Scenario

Management of ABC Corporation ask Network admin to „open”, based on request, a specific web page on users’ computers. This task has to be launched by a regular user (User1) without Domain admin privileges or local administrator privileges on remote computers. The better option is to run the task on a scheduled time for specified computers with credentials of a Domain User configured as Local Administrators on remote computers.

 

Constraints

• WinRM services is disabled on remote computers and you are not able to run PowerShell command Invoke-Command.
• Runas command cannot be used because the password parameter cannot be scripted. Also, we do not want to store password in scripts.
• PSExec command cannot be executed by a domain user using other remote local admin credentials. If you are User1 logged on device Win10-1 and you want to run a PSExec command on Win10-2 using TU_Remote credentials you are not able to launch the remote process.
• The most restrictive constraint: User1 do not know the password of TU_Remote.

 

Procedure

1. Download the script or copy the script text from TechNet Gallery.
2. Create a folder Scripts on your drive. Create a Logs subfolder on Scripts.
3. Fill the list of computers on a text file. If you want to test for your computer only you can use „.” (dot) as computer name.
4. Download PSTools from https://docs.microsoft.com/en-us/sysinternals/downloads/psexec and copy psexec into your Scripts folder.
5. Assure that the technical user is local admin on remote computers.
6. Test the script with a privileged account
7. On a network server create a scheduled task to run the script with parameters and use technical user as credentials. Be sure that you specify full path for your script.
8. Test the scheduled task.
9. Consult log file.
10. Define your triggers and how to maintain the list of computers.

 

 

In this Demo

Demo video: https://youtu.be/X-HD-CTAbYQ

 

 

Hope it helps!

 

References

• Michael Pietroforte, Use PowerShell Invoke-Command to run scripts on remote computers – https://4sysops.com/archives/use-powershell-invoke-command-to-run-scripts-on-remote-computers/
• Chris Hoffman, How to Run PowerShell Commands on Remote Computers – https://www.howtogeek.com/117192/how-to-run-powershell-commands-on-remote-computers/
• Lowell Heddings, Using PsTools to Control Other PCs from the Command Line, https://www.howtogeek.com/school/sysinternals-pro/lesson8/
• PsTools Sysinternals, https://forum.sysinternals.com/pstools_forum8.html
• Jianpeng Mo, PowerShell vs. PsExec for Remote Command Execution, https://www.opswat.com/blog/powershell-vs-psexec-remote-command-execution