PsExec下载地址及其用法
http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
Using PsExec
See the July 2004 issue of Windows IT Pro Magazine for Mark's article that covers advanced usage of PsExec.
Usage: psexec [\computer[,computer2,...] | @file]-n s-s|-e[-i session]]-w directory- cmd [arguments]
| computer | Direct PsExec to run the application on the computer or computers specified. If you omit the computer name PsExec runs the application on the local system and if you enter a computer name of "*" PsExec runs the applications on all computers in the current domain. |
|---|---|
| @file | Directs PsExec to run the command on each computer listed in the text file specified. |
| -a | Separate processors on which the application can run with commas where 1 is the lowest numbered CPU. For example, to run the application on CPU 2 and CPU 4, enter: "-a 2,4" |
| -c | Copy the specified program to the remote system for execution. If you omit this option then the application must be in the system's path on the remote system. |
| -d | Don't wait for application to terminate. Only use this option for non-interactive applications. |
| -e | Does not load the specified account's profile. |
| -f | Copy the specified program to the remote system even if the file already exists on the remote system. |
| -i | Run the program so that it interacts with the desktop of the specified session on the remote system. If no session is specified the process runs in the console session. |
| -l | Run process as limited user (strips the Administrators group and allows only privileges assigned to the Users group). On Windows Vista the process runs with Low Integrity. |
| -n | Specifies timeout in seconds connecting to remote computers. |
| -p | Specifies optional password for user name. If you omit this you will be prompted to enter a hidden password. |
| -s | Run remote process in the System account. |
| -u | Specifies optional user name for login to remote computer. |
| -v | Copy the specified file only if it has a higher version number or is newer on than the one on the remote system. |
| -w | Set the working directory of the process (relative to the remote computer). |
| -x | Display the UI on the Winlogon desktop (local system only). |
| -priority | Specifies -low, -belownormal, -abovenormal, -high or -realtime to run the process at a different priority. Use -background to run at low memory and I/O priority on Vista. |
| program | Name of the program to execute. |
| arguments | Arguments to pass (note that file paths must be absolute paths on the target system) |
You can enclose applications that have spaces in their name with quotation marks e.g. "psexec \marklap "c:\long name\app.exe". Input is only passed to the remote system when you press the enter key, and typing Ctrl-C terminates the remote process.
If you omit a username the remote process runs in the same account from which you execute PsExec, but because the remote process is impersonating it will not have access to network resources on the remote system. When you specify a username the remote process executes in the account specified, and will have access to any network resources the account has access to. Note that the password is transmitted in clear text to the remote system.
Examples
This article I wrote describes how PsExec works and gives tips on how to use it:
The following command launches an interactive command prompt on \marklap:
psexec \marklap cmd
This command executes IpConfig on the remote system with the /all switch, and displays the resulting output locally:
psexec \marklap ipconfig /all
This command copies the program test.exe to the remote system and executes it interactively:
psexec \marklap -c test.exe
Specify the full path to a program that is already installed on a remote system if its not on the system's path:
psexec \marklap c:\bin\test.exe
Run Regedit interactively in the System account to view the contents of the SAM and SECURITY keys::
psexec -i -d -s c:\windows\regedit.exe
To run Internet Explorer as with limited-user privileges use this command:
psexec -l -d "c:\program files\internet explorer\iexplore.exe"
以下命令可在 \marklap 上启动交互式命令提示窗口
psexec \marklap cmd
此命令通过 /all 开关在远程系统上执行 IpConfig,并在本地显示输出结果:
psexec \marklap ipconfig /all
此命令将程序 test.exe 复制到远程系统,并以交互方式执行此程序:
psexec \marklap -c test.exe
如果远程系统中已经安装的程序不在系统路径中,请指定该程序的完整路径:
psexec \marklap c:\bin\test.exe
在系统帐户中以交互方式运行 Regedit,以便查看 SAM 和 SECURITY 注册表项的内容:
http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
要以受限用户权限运行 Internet Explorer,请使用此命令:
psexec -l -d "c:\program files\internet explorer\iexplore.exe"
写在最后
如果你觉得冰河写的还不错,请微信搜索并关注「 冰河技术 」微信公众号,跟冰河学习高并发、分布式、微服务、大数据、互联网和云原生技术,「 冰河技术 」微信公众号更新了大量技术专题,每一篇技术文章干货满满!不少读者已经通过阅读「 冰河技术 」微信公众号文章,吊打面试官,成功跳槽到大厂;也有不少读者实现了技术上的飞跃,成为公司的技术骨干!如果你也想像他们一样提升自己的能力,实现技术能力的飞跃,进大厂,升职加薪,那就关注「 冰河技术 」微信公众号吧,每天更新超硬核技术干货,让你对如何提升技术能力不再迷茫!
