We have a Windows environment comprising XP SP3 workstations, some Vista Workstations, and Windows 2003 Server. I have need to start a process remotely on some of these systems from the command line (a script). The ID starting the process and the ID that will run the process are both members of the remote machine's Local Admin group and are not necessarily the same user. Policy prevents adding 3rd party software such as WinSSH, Cygwin, or others. Exceptions to the policy may be granted with great effort, but I am lazy.
I would like the ability to start a process remotely as a different (or the same) user as I can with SSH on UNIX variants. The closest I can come is using schtasks to remotely create/run/delete a task that accomplishes what I need. This is combersome and I have concern over password protection as the command traverses the network. Does Windows somehow encrypt the traffic when you issue: schtasks /create /tn /tr /ru /rp /sc once /st ?.
Is there a better way?
Is there a better way that doesn't require oceans of cscript?
Best Answer
PSexec will do what you want. It dosent need to be installed to use it.
As for security in PSexec, if the account you are using to execute PSexec on your machine has the right privelidges on the remote machine, then you dont need to enter a username and password with the PSexec command, and no credentials are sent in clear text 'over the wire' to the remote machine.
However if you have to incude username and password with the PSexec command then they will be sent in clear text to the remote machine.