How to run PowerShell from PSExec

PowerShell Remoting is a great tool for running scripts on multiple remote workstations or laptops without having to connect to each one and run the script or do the task manually.

However, PowerShell Remoting has some prerequisites before it will work. Sometimes we don't have the time to enable PowerShell Remoting, but a script must still be run on many PCs.

This is where PsExec helps: we can use it to enable PowerShell Remoting, or to run the PowerShell command directly from PsExec.

 

What is the PsExec Tool

I am sure you have all heard of the PsExec tool. Most of you have used it as well.

PsExec is part of the Sysinternals command-line tools, developed by Mark Russinovich and now owned by Microsoft. PsExec is a command-line remote administration tool that allows remote execution of processes on other systems.

Because a lot of bad guys (hackers) have used the PsExec tool, many antivirus products block it as a Trojan.

However, sometimes it's very useful and must be part of your IT Tools.

Prerequisites

If you want to run PsExec against a remote PC, you need to have a few items in place.

  • File and Print Sharing port open  (TCP 445) in the Firewall.

 

How to use PsExec with PowerShell

Let's say that you have a requirement or you have a big problem and you can solve it with a one-line PowerShell script.

A few months ago I had an issue with TeamViewer. After an update that shouldn't have been done, TeamViewer had a problem with the camera resolution for almost 40 users.

Unfortunately, I didn't have a GPO to enable PowerShell Remoting, but the problem had to be resolved by the next day.

This was one of the reasons that I used PsExec with PowerShell to enable PowerShell Remoting on all the workstations/laptops and uninstall TeamViewer remotely, in order to install the previous one from a deployment tool.

So let's explain how to use PsExec with PowerShell.

Extract the PsExec folder

 

  • Open PowerShell as Administrator.
  • Go to the path where the PsExec folder was created.
  • Verify that you can log in with PsExec on a remote PC with the following command
    .\Psexec \\<remote computer name or IP Address> cmd
    .\Psexec \\DESKTOP-B9TIM7T cmd
  • If you don't have any firewall rule blocking PsExec, you will see something like the following

 

  • If you have blocked PsExec with the firewall, you will get an access error like the following.
  • If the Windows Firewall on the remote PC blocks PsExec, the only way forward is to allow PsExec in Windows Firewall directly on the remote PC.

 

  • Now it's time to run the PowerShell command that enables PowerShell Remoting.
  • Run the following command
    .\PsExec.exe \\DESKTOP-B9TIM7T powershell.exe Enable-PSRemoting

 

  • When the PowerShell command has run on the remote PC and exits with code 0, type the following command to verify that PS Remoting is enabled.
    Enter-PSSession DESKTOP-B9TIM7T

 

  • Now you can run your PowerShell script on the remote PC.
  • As you can see, you can run almost any PowerShell command from PsExec.

This is a workaround that can resolve many problems when you haven't deployed a GPO to allow PowerShell Remoting in the environments that need it.
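
The steps above, collected into one function that checks the TCP 445 prerequisite, runs the same PsExec command, and confirms that WinRM answers afterwards. This is an added example, not code from the original article; the function name, the `-PsExecPath` default and the host names in the usage comment are assumptions.

```powershell
# Added example (not from the original article).
# Assumptions: PsExec.exe sits in the current directory and the caller is an
# administrator on the remote PCs. Host names in the usage line are placeholders.
function Enable-RemotingViaPsExec {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [string]$PsExecPath = '.\PsExec.exe'
    )

    foreach ($computer in $ComputerName) {
        $result = [ordered]@{
            ComputerName = $computer
            Port445Open  = $false
            PsExecExit   = $null
            WinRMReady   = $false
        }

        # Prerequisite from the article: File and Print Sharing (TCP 445) must be reachable.
        $result.Port445Open = Test-NetConnection -ComputerName $computer -Port 445 `
            -InformationLevel Quiet -WarningAction SilentlyContinue

        if ($result.Port445Open) {
            # Same command as in the article. -Force suppresses the confirmation
            # prompts, which cannot be answered in an unattended run.
            & $PsExecPath "\\$computer" powershell.exe -NoProfile -Command 'Enable-PSRemoting -Force' | Out-Null
            $result.PsExecExit = $LASTEXITCODE

            if ($LASTEXITCODE -eq 0) {
                # Non-interactive replacement for the Enter-PSSession check:
                # Test-WSMan succeeds only if the WinRM service answers.
                try {
                    Test-WSMan -ComputerName $computer -ErrorAction Stop | Out-Null
                    $result.WinRMReady = $true
                } catch {
                    Write-Verbose "WinRM did not answer on ${computer}: $_"
                }
            }
        }

        # One record per PC, so the list of machines that now expose WinRM can be kept.
        [pscustomobject]$result
    }
}

# Usage (placeholder host names):
# Enable-RemotingViaPsExec -ComputerName 'PC-EXAMPLE-01','PC-EXAMPLE-02' | Format-Table
```

Enable-PSRemoting starts the WinRM service and adds firewall exceptions for it, so keep the output as the record of which PCs were changed until a GPO takes over the setting.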

 
