Execute processes remotely


by Steve Wiseman on June 6, 2012 · 23 comments

in Tips,Tools,Utility



We have been working hard on a new remote execution engine for Network Administrator.

It really is a difficult problem to tackle with Windows 7, Vista, and 2008 in the mix. UAC and other security features make it nearly impossible to get something like this to work properly – but we have come up with some elegant solutions.

The execution engine is almost complete, but we still have some work to do before we can get it inside the latest version of Network Administrator.

Why not create a free tool from this code?

What a great idea! – That is exactly what we did, and it is called ‘Remote Execute’

It allows you to take a program, and execute it remotely on any Windows 2000, XP, 2003, Windows 7, Windows 2008, or Vista machine on your network.

What makes this free tool so special? Here are some situations that it covers:

-Execute a process as the user sitting in front of the machine, not the administrator. Got a script you want to run on a machine, but as the current user? This can do the trick

-Execute in any console or remote desktop session that matches a wildcard filter. Need to run a program in Dave’s session on the terminal server? No problem

-Access to the standard input and output of the process on the remote machine. Want to have a remote command line? Remote Execute can do it.

-Mike is at the reception desk and needs a setup program launched as administrator. No need to go to his computer, just execute it as an admin in the console session. No UAC prompts either, it will be automatically elevated.

-Jennifer in accounting needs a drive mapped. Don’t want to interrupt her by remoting into her machine? Remote Execute can connect you to a command prompt that is run under Jennifer’s account. Just run the network mapping commands from your workstation and she is all set.

-Automatic detection of VBS and BAT files, so you don’t have to create a funky command line to get it to work.

Here are the command line options for Remote Execute:

RemoteExecute.exe -h [host] -u [user] -p [pass] [options] [filename] [arguments]

Options:

-h The remote host name or IP
-u Username *
-p Password *
-e Don't load users environment variables
-l Don't load users profile
-c Copy file to the remote host
-cs Run process in the console session
-n Run process as hidden
-sf [filter] Run in session where [filter] matches the user
-i Return immediately, and don't wait for it to terminate
-sa Run process under the system account
-su Run process as the session user
-q Quiet mode

* - Required options

Let's start out with a simple one. You want to get a remote command line on a remote Windows 2000 machine with the IP address 10.10.10.146. What are the options to do this?

RemoteExecute.exe -h 10.10.10.146 -u administrator -p password %systemroot%\System32\cmd.exe

Now, on my Windows 7 machine, it drops into that remote computer’s command prompt:

[Screenshot: Windows 2000 Remote Process]

If you wanted to run a script as the current console user, it would look like this:

RemoteExecute.exe -su -cs -h 10.10.10.146 -u administrator -p password c:\temp\test.vbs

These two options are what enabled this to happen:

-su – Tells it to run as the current session user instead of you
-cs – Tells it to execute the application in the console session

If you wanted to copy that c:\temp\test.vbs over to the remote host, just add the -c option like this:

RemoteExecute.exe -c -su -cs -h 10.10.10.146 -u administrator -p password c:\temp\test.vbs

What about that terminal server? Let's say you have a user named mike logged into that server and want to run a script that remaps all his printers.

The command line would look like this:

RemoteExecute.exe -su -sf mike -h 10.10.10.146 -u administrator -p password c:\Code\ReMapPrn.bat

-su – This option tells it to run as mike, not the administrator. This will allow our printer mapping to directly affect his account

-sf – This is the session filter. It tells it to find the first account matching the name ‘mike’

The session filter argument can also take DOS style wildcards:

RemoteExecute.exe -sf admin* -su -h 10.10.10.146 -u administrator -p password c:\Code\BigScript.bat

Just keep in mind it will only execute on the first session that matches the wildcard.

What if you have a batch file on your local machine that you want to have copied over to the remote machine?

Just use the -c option, and it will copy the file and automatically take care of the rest:

RemoteExecute.exe -c -h 10.10.10.146 -u administrator -p password c:\Code\BigScript.bat

Make sure you always put your options first. The file you are going to execute and its arguments always go last.
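Because -u and -p are required, every invocation carries a plaintext password in its command line, which process-creation logging (Security event 4688 with command-line auditing, or Sysmon event 1) records when enabled. The following is an added example, not part of the original post or IntelliAdmin's code: it parses logged command lines using the option table above, masks the password, and flags option combinations worth reviewing. The function name and the finding labels are assumptions made for illustration.

```python
import shlex

# Option table from the usage text in the post; True means the option takes a value.
OPTIONS = {"-h": True, "-u": True, "-p": True, "-sf": True, "-e": False,
           "-l": False, "-c": False, "-cs": False, "-n": False, "-i": False,
           "-sa": False, "-su": False, "-q": False}

def audit_remote_execute(cmdline):
    """Audit one logged command line; return None if it is not RemoteExecute."""
    try:
        # posix=False keeps the backslashes of Windows paths intact.
        argv = shlex.split(cmdline, posix=False)
    except ValueError:
        argv = cmdline.split()   # unbalanced quote character somewhere in the line
    if not argv:
        return None
    exe = argv[0].strip('"').replace("\\", "/").rsplit("/", 1)[-1].lower()
    if exe not in ("remoteexecute", "remoteexecute.exe"):
        return None
    opts, i, pw_index = {}, 1, None
    # Options come first; the first token that is not an option is the file to run.
    while i < len(argv) and argv[i].lower() in OPTIONS:
        name = argv[i].lower()
        if OPTIONS[name]:
            opts[name] = argv[i + 1] if i + 1 < len(argv) else ""
            if name == "-p" and i + 1 < len(argv):
                pw_index = i + 1
            i += 2
        else:
            opts[name] = True
            i += 1
    findings = []
    if pw_index is not None:
        findings.append("plaintext password on command line")
    if "-n" in opts and ("-cs" in opts or "-sf" in opts):
        findings.append("hidden process in a user's desktop session")
    if "-sa" in opts:
        findings.append("process runs under the system account")
    # Mask the password so the record can be stored or forwarded safely.
    redacted = ["********" if k == pw_index else tok for k, tok in enumerate(argv)]
    return {"host": opts.get("-h"), "user": opts.get("-u"), "target": argv[i:],
            "findings": findings, "redacted": " ".join(redacted)}

# Sample input: two command lines taken from this page, plus an unrelated one.
SAMPLES = [r"RemoteExecute.exe -h 10.10.10.146 -u administrator -p password %systemroot%\System32\cmd.exe",
           r"RemoteExecute -cs -su -n -h 10.10.10.1 -u user -p pass %systemroot%\system32\cmd.exe",
           r"cmd.exe /c dir"]

if __name__ == "__main__":
    for line in SAMPLES:
        print(audit_remote_execute(line))
```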

There are lots of options packed in this tool. Most of its functionality and more will be in the next release of Network Administrator, and all current customers will get this as a free update when it comes out. Buy it before the release (Towards the end of June) and get 25% off the usual price. Use the code INTE40 when ordering.

This is the first release, so please let us know if you are having trouble getting it to run a program remotely. We have tested it on every major version of Windows, but there could always be a combination of service packs and Windows version that could cause an issue. Just send an email to support@intelliadmin.com and we will get back to you asap.

Get Remote Execute from our download section

Oh – and I almost forgot. This requires file and printer sharing. Here are links on how to open this up on all major versions of Windows:

Windows XP:

http://www.intelliadmin.com/index.php/2008/12/enabling-file-and-printer-sharing-in-windows-xp/

Windows Vista, 2008:

http://www.intelliadmin.com/index.php/2008/12/enabling-file-and-printer-sharing-in-vista/

Windows 7, 2008 R2:

http://www.intelliadmin.com/index.php/2009/08/windows-7-the-admin-share/

As always, these freebies are free for commercial and personal use.


{ 23 comments… read them below or add one }

1 Dave Meiher June 6, 2012 at 10:59 pm

Awesome work Steve. You and your team really have done it this time. I have been using PSExec for a while, but it is starting to show its age. One issue I always run into now is if you run a process as yourself (The user account you provide on the command line) and try to push it to the console session when no one is logged in – PSExec just freezes until it times out. I tested and your tool seems to detect this, and tell me to use the system account instead. Glad that it comes back right away, but is there any way around this?

2 Steve Wiseman June 6, 2012 at 11:03 pm

Hi Dave,

I believe this is a security issue in Windows. As it is we are in uncharted territory. If you use just standard API calls…what our program does is impossible. In the case that you describe the API call CreateProcessAsUser returns success, but no process is launched. If you dig deeper you see that CreateProcessXX actually seg faults. I believe it is a permission issue since the system account works fine.

It makes sense – I don’t think MS wants other users running processes in the console session when nobody is logged in. Would seem like a big security hole to me 🙂

3 Dave Meiher June 6, 2012 at 11:03 pm

True true, but then how do I run a script that uses ‘net use’. If I use the system account it does not always work properly.

4 Steve Wiseman June 6, 2012 at 11:05 pm

The answer is don’t run it in a desktop session. With our tool just don’t use the -cs or -sf options and it will run under the service account session. The one downside with this is that the application cannot show any windows or it will cause a prompt to show up under vista/7/2008

5 Dave Meiher June 6, 2012 at 11:06 pm

Ahh! That is what I was doing wrong. Don’t need a visible desktop, just running a bat file silently that accesses some network shares. Thanks a ton Steve.

6 Jennifer June 7, 2012 at 8:32 am

A pro tip for the sneaky out there: If you are going to use this to get a remote command line into someone’s desktop, make sure you use the -n option so they don’t see a big black box on their screen from the empty command line. Here is an example of how I do it:

RemoteExecute -cs -su -n -h 10.10.10.1 -u user -p pass %systemroot%\system32\cmd.exe

That will get you a remote command line in the user’s desktop, and they won’t see a thing. You can launch processes, remap printers, network drives, etc. All without bothering the user, but of course they need to be logged in.

7 Michael Allen June 13, 2012 at 10:40 pm

Hi Steve,

This program is fantastic, it appeared just when I needed it to.

I am currently using it to deploy SCCM packages remotely using a local copy of the SCCM package instead of waiting on the replication to occur from the US to AUS.

http://youtu.be/JeuoYwXprWI

Is there any chance it could be changed so that we don’t need to specify a username and password – eg use the current logged on user.

8 Michael Allen June 14, 2012 at 3:16 am

Hi Steve,

This is a correction to my last post with an updated video.

Your RemoteExecute.exe came though just at the right time. I was looking at using Task Scheduler to install via the system account, however your utility does exactly what I was after.

http://youtu.be/0LwLQKPVSFM?hd=1

I created a tool for our support staff to allow SCCM packages to be installed straight away instead of waiting for cross domain communication to occur which increases our install times.

The application I wrote to speed up the SCCM install process does the below.
· Application queries the SCCM package directory
· Presents the packages in a live dialog
· Unzips the package to the remote machine
· Installs SCCM package using remoteexecute from IntelliAdmin
· Once completed removes the unzipped package from the remote machine
· Also has an uninstall option for the packages

Once again thank you for your wonderful tool.

9 Steve Wiseman June 14, 2012 at 9:20 am

Great stuff Michael. Thanks for taking the time to post. I will see what we can do about removing the user account requirement…I think it is possible since we can grab a user token from a connected pipe.

10 Michael December 7, 2012 at 6:12 pm

Hi Steve. Great tool! I’m very impressed. It almost meets my need… I have a service that periodically runs an executable as the console user to collect their mapped drive information. It doesn’t work with Windows 7 and I was hoping to use RemoteExecute… however the requirement for User and Password keeps it from working for me, so I too would love it if the user and password was removed (if the code is being executed against the local system as the SYSTEM user). Regardless, I know that on occasion I’ll make use of this wonderful tool as is. Thanks again.

11 David December 22, 2012 at 2:02 am

I think it can become a great tool with some improvement.

I am trying to launch back up on Win 7 (64-bit) from Win XP (32-bit) remotely. I remotely start cmd.exe on Win 7, and when I try to run “WBADMIN START BACKUP -backupTarget:x: -include:f: -quiet”, I get a message that ‘wbadmin is not recognized as an internal or external command.’ What I find is that using remote session, I don’t find wbadmin.exe in c:\windows\system32\ while I can find the file in the folder if I personally logged in at the machine.

12 anuser February 25, 2013 at 6:12 am

Hello!
If I launch a .VBS script with parameters the remoteexecute.exe strips the quote marks. this.vbs “1st par” “2nd par” -> this.vbs 1st par 2nd par

13 Joe D. March 4, 2013 at 5:11 pm

Hello,

First, love the tools! Many thanks!
I’m having problems with the free Remote Execute tool from command line. My goal is to use this for remote software installs or uninstalls. I keep getting the following:
“Connecting…
Connected, starting service…
Service started, launching Process…
Logon failure: unknown user name or bad password.”

I can’t even get it to open a command prompt:
remoteexecute.exe -h COMPUTER -u domain\me -p MyPassword %systemroot%\System32\cmd.exe

The only way it has worked is with the -su -cs switches. But this runs as the current user (not as me) so installs fail.

Thanks!

14 Steve Wiseman March 5, 2013 at 4:08 pm

The first thing I would check to see is if the remote machine has simple file sharing enabled. When this is turned on, all authentication comes back with access denied.

Is the remote computer XP by any chance? If so check out this article for what you need to change:

http://www.intelliadmin.com/index.php/2006/01/enable-file-and-printer-sharing-on-xp-sp2/

Thanks,

Steve

15 Rinzwind June 5, 2013 at 3:49 am

Same problem.. it’s not working (at least in a domain environment).

*****************************************
* IntelliAdmin Remote Execute v1.0 *
* http://www.intelliadmin.com *
* Copyright 2005-2012 IntelliAdmin, LLC *
*****************************************

Connecting…
Connected, starting service…
Service started, launching Process…
Logon failure: unknown user name or bad password.

(Windows 7 to Windows 2008 R2)

Also it would be welcome to use current credentials instead of -u and -p

Still thanks for the effort.

16 Paul August 1, 2013 at 2:30 pm

I had a user with an & in the password, which threw an error as well.

17 Scott M August 13, 2013 at 10:25 am

I was having the domain credential issue as well, replacing domain\username with username@domain fixed it!

18 mihail September 25, 2013 at 1:05 pm

Hi Steve, great tool indeed.
I have a question about the arguments usage.
RemoteExecute.exe -h [host] -u [user] -p [pass] [options] [filename] [arguments]

say I need to run
RemoteExecute.exe -h 10.10.10.1 -u user -p pass cmd /c “C:\Program Files\Some Path\First Application.exe”

How could I do that, given the intervals in both the path to the executable and in the executable itself?
Using shortname isn’t an option.

19 Menesh October 22, 2014 at 11:16 am

How can you run the -h on a few machines in a text file?

20 Andrew February 8, 2015 at 8:46 am

How do I auto run a .exe file on a remote system without me having the system IP address or username and password. I only have the email address using the computer, guide me on this asap pls

21 Steve Wiseman February 13, 2015 at 6:14 am

Andrew,

Sorry Andrew…not possible unless you are into illegal activities and want to send them a specialized virus via email.

22 Ken February 17, 2015 at 10:25 am

Hi Steve,

Great tool. But I have a question. Is the Remote Execute network traffic encrypted?

We are worried that it does not comply with our company’s security policy that states that we must “encrypt all non-console administrative access”.

23 Steve Wiseman February 17, 2015 at 12:08 pm

It is encrypted because at this time it does not use any of our own protocols. We are using the MS file transfer (Think copying files over your network) to send the commands.

This will change in the future when we upgrade. But if we do use our own protocol it will be encrypted.
