I have a problem, and the Internet doesn't seem to have a solution, so maybe someone here can help.
I'm trying to start a command-line prompt on a remote machine using PsExec, but I keep getting an "Access is Denied" error. Both my local and the remote machine are running Windows 7 Enterprise (local: x64, remote x86) and I'm using PsExec 1.98. I use the following command:
psexec \\remote -u domain\user -p password -i -d cmd.exe
I have also tried other commands (such as using -s, -h, etc.), it doesn't seem to make a difference. I have access to the admin$ share of the remote machine from my local one. The Event Viewer tells me that a logon (and logoff) occurs on the remote machine.
Also, PsExec creates the PSEXESVC.EXE in the windows directory, but does not delete it!
Interestingly, the same command works just fine on a Win-7-Professional (x64) and it also works perfectly fine in reverse (i.e. when executed from the remote machine to start cmd on the local one). Deactivating anti-virus and firewall on the remote machine did not make a difference. I cannot deactivate it on the local one, but I have my doubts that the error is caused there.
Does anyone have any ideas?
Best Answer
Bit late, I know, but I've just been trying to solve this too. Turns out it has to do with security levels / user access levels.
I was trying to run psexec from a command prompt on a local PC and had started the command prompt by right clicking and choosing "Run as administrator". Then I'd run the psexec command targetting a remote server and specify a domain admin account for the -u parameter.
However, my local account only had administrative privileges on the local machine, not the remote one and choosing "run as administrator" doesn't actually mean "run as domain administrator"! (Obviously, duh!).
So, in effect, what was happening was that it was trying to run my main command as a domain admin on the remote but the psexec part was being run as my (non-admin) domain user account - which didn't have the appropriate permissions on the server.
Solution: Instead of starting a command prompt as above use the runas command.
eg: Start -> Run -> runas /user:domain\administrator cmd
then run your psexec command and you won't need the -u flag
or, from inside a normal command prompt you could do this instead:
runas /user:domain\administrator "psexec \\remote cmd"