Winexe – How to Start a Windows Process from Linux

Tags: linux, pstools, remote, windows

When I'm on Windows I use PsExec to start processes on other Windows machines. I now have the case that I want to do that from a Linux machine.

Fortunately there is winexe, a small program which should work like PsExec, just for the Linux world. I had no problems installing it and I'm able to start processes like cmd.exe.

The problem is that I'm not able to start a process which is visible to the Windows user. If I start calc.exe I can see that it is started in the task manager, but there is no GUI.

Question:
How is it possible to start processes that are actually visible on the Windows machine?

Best Answer

How is it possible to start processes that are actually visible on the Windows machine?

A good start would be by creating the process in the session of the currently logged on user. That's usually session 1 if there's only one person logged on. If multiple people are logged on, it might be session 2 or 3 or 27. You'd have to run code in wtsapi32.dll first to find who was connected to which session. In modern versions of Windows, session 0 is reserved for services and system functions.

You're starting a process in session 0, therefore no one can see it.

psexec can start a remote process and let you choose a different session in which to start it, but I don't know of any Linux equivalent. I looked at the man page for winexe and it does not appear to have that option.

Edit: Microsoft's official stance is that launching interactive processes remotely is too big of a security risk, and so they inhibit your ability to do it... but we can still work around it if we're willing to get dirty:

schtasks.exe /create /S COMPUTERNAME /RU "NT AUTHORITY\SYSTEM" /RL HIGHEST /SC ONSTART /TN "RemoteProcess" /TR "program.exe \"argument 1\" \"argument 2\""

schtasks.exe /Run /S COMPUTERNAME /I /TN "RemoteProcess"

schtasks.exe /Delete /S COMPUTERNAME /TN "RemoteProcess"
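
From the monitoring side, the create/run/delete sequence above leaves a trail in the Windows Security log: event 4698 (scheduled task created) followed shortly by 4699 (scheduled task deleted). The sketch below is an added example, not part of the original answer; it flags SYSTEM tasks that are deleted soon after creation. It assumes task auditing is enabled and that events have already been normalized into dicts; the field names, sample events and five-minute threshold are constructed for illustration.

```python
from datetime import datetime, timedelta

# Windows Security log event IDs for scheduled-task changes.
TASK_CREATED, TASK_DELETED = 4698, 4699
SYSTEM_SID = "S-1-5-18"               # NT AUTHORITY\SYSTEM
MAX_LIFETIME = timedelta(minutes=5)   # assumed threshold; tune per environment

# Constructed sample events (field names are assumptions, not a real log schema).
SAMPLE_EVENTS = [
    {"time": "2024-05-01T10:00:00", "id": 4698, "host": "WS01",
     "task": "\\RemoteProcess", "run_as": "S-1-5-18"},
    {"time": "2024-05-01T10:00:20", "id": 4699, "host": "WS01",
     "task": "\\RemoteProcess", "run_as": None},
    {"time": "2024-05-01T11:00:00", "id": 4698, "host": "WS02",
     "task": "\\NightlyBackup", "run_as": "S-1-5-18"},
    {"time": "2024-05-01T12:00:00", "id": 4698, "host": "WS03",
     "task": "\\UserSync", "run_as": "S-1-5-21-1111-2222-3333-1001"},
    {"time": "2024-05-01T12:00:30", "id": 4699, "host": "WS03",
     "task": "\\UserSync", "run_as": None},
]

def find_short_lived_system_tasks(events, max_lifetime=MAX_LIFETIME):
    """Return (host, task, lifetime_seconds) for SYSTEM tasks deleted soon after creation."""
    created = {}   # (host, task) -> creation time of a task running as SYSTEM
    hits = []
    for ev in sorted(events, key=lambda e: e["time"]):
        key = (ev["host"], ev["task"])
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == TASK_CREATED:
            if ev["run_as"] == SYSTEM_SID:
                created[key] = when
            else:
                created.pop(key, None)   # name reused by a non-SYSTEM task
        elif ev["id"] == TASK_DELETED and key in created:
            lifetime = when - created.pop(key)
            if lifetime <= max_lifetime:
                hits.append((key[0], key[1], int(lifetime.total_seconds())))
    return hits

if __name__ == "__main__":
    for host, task, secs in find_short_lived_system_tasks(SAMPLE_EVENTS):
        print(f"{host}: SYSTEM task {task} existed for only {secs}s")
```

Long-lived SYSTEM tasks (such as the constructed NightlyBackup entry) and short-lived tasks under ordinary user accounts are deliberately not reported.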