Remote Command Execution

Remote Command Syntax

PsExec \\<RemoteComputerName> cmd.exe /c <command>

PsExec (Sysinternals) allows you to execute processes remotely.

psexec \\RemoteComputerName ipconfig

Example

psexec \\RemoteComputerName -u Username -p Password cmd.exe /c CommandToRun

PsExec with explicit credentials.

Invoke-Command -ComputerName RemoteComputerName -ScriptBlock { CommandToRun }

PowerShell cmdlet

Invoke-Command -ComputerName RemoteComputerName -ScriptBlock { Get-Process }

Example

Invoke-Expression

Not intended for remote execution, but can with the necessary permissions.

mstsc /v:RemoteComputerName

The Remote Desktop Command (mstsc) (GUI App, but does command open GUI?)

WinRS -r:RemoteComputerName <command>

Windows Remote Shell (WinRS)

winrs -r:http://RemoteComputerName <command>

Example

ssh username@RemoteComputerName CommandToRun

SSH

Enter-PSSession -ComputerName RemoteComputerName

Start interactive session with a remote computer.

Invoke-Expression -Command "Enter-PSSession -ComputerName RemoteComputerName"

Example

wmic /node:"RemoteComputerName" process call create "<command>"

WMIC.

wmic /node:"RemoteComputerName" process list

Example

wmic /node:"RemoteComputerName" os get caption

Another Example

sc \\RemoteComputerName start ServiceName

Remote service start.

Example:

Get-Hotfix -ComputerName win10 -Credential administrator (prompt for PW)

$c = Get-Credential -UserName "win10\user" -Message:"Enter password:"

Get-Hotfix -ComputerName win10 -Credential $c

Get-Hotfix -computername win10 -credential $c | where {$_.Description -match "Security"}

PS Sessions

Establish Creds

$cred = Get-Credential -UserName "win7\User"  -Message:"Enter password:"

Issue Remote Command

Get-Hotfix -ComputerName win7 -Credential $cred

Establish PSSession

$session 7 = New-PSSession -computername win7 -Credentail $cred

4A) Enter Commands to PSSession

Invoke-Command -session $session7 {get-process}

4B) Interactively Control

` Enter-PSSession -session7 $session7

Get-Process

Get-Service | Where {$_.Status -like "Running"

Exit-PSSession

Commands with Remote Options

reg /s "C:\Path\To\Your\RegistryFile.reg"

/sparameter to import registry changes remotely by specifying the remote computer's registry path.

reg import \\RemoteComputerName\Share\RegistryFile.reg

Remote registry import

sc \\RemoteComputerName stop "ServiceName"

Allows you to manage and configure Windows services on remote computers.

sc \\RemoteComputerName query

Query services on remote computers.

netsh -r RemoteComputerName interface show interface

You can use netshto configure network settings on remote Windows systems if you have appropriate permissions.

tasklist /s RemoteComputerName

The tasklistcommand with the /sparameter allows you to list running processes on a remote computer.

query user /server

Displays information about user sessions on a remote server.

query process /server

Lists processes running on a remote server.

gpupdate /target:computer /force

Forces a remote update of Group Policy settings on a computer.

wmic /node /output

Allows you to run a specific command on multiple remote computers and save the output to a file.

taskkill /s

Terminates processes on a remote computer specified by its name or IP.

ssh username@RemoteComputerName "ls"

Run remote command

Allows you to schedule tasks remotely on other Windows computers:

schtasks /create /s RemoteComputerName /tn "MyTask" /tr "C:\MyScript.bat" /sc daily /st 08:00

PreviousStored Credentials NextActive Directory

Last updated 1 year ago

Was this helpful?