# Remote Command Execution ## Remote Command Syntax

Command	Description
`PsExec \\<RemoteComputerName> cmd.exe /c <command>`	PsExec (Sysinternals) allows you to execute processes remotely.
`psexec \\RemoteComputerName ipconfig`	Example
`psexec \\RemoteComputerName -u Username -p Password cmd.exe /c CommandToRun`	PsExec with explicit credentials.
`Invoke-Command -ComputerName RemoteComputerName -ScriptBlock { CommandToRun }`	PowerShell cmdlet
`Invoke-Command -ComputerName RemoteComputerName -ScriptBlock { Get-Process }`	Example
`Invoke-Expression`	Not intended for remote execution, but can with the necessary permissions.
`mstsc /v:RemoteComputerName`	The Remote Desktop Command (`mstsc`) (GUI App, but does command open GUI?)
`WinRS -r:RemoteComputerName <command>`	Windows Remote Shell (WinRS)
`winrs -r:http://RemoteComputerName <command>`	Example
`ssh username@RemoteComputerName CommandToRun`	SSH
`Enter-PSSession -ComputerName RemoteComputerName`	Start interactive session with a remote computer.
`Invoke-Expression -Command "Enter-PSSession -ComputerName RemoteComputerName"`	Example
`wmic /node:"RemoteComputerName" process call create "<command>"`	WMIC.
`wmic /node:"RemoteComputerName" process list`	Example
`wmic /node:"RemoteComputerName" os get caption`	Another Example
`sc \\RemoteComputerName start ServiceName`	Remote service start.

Example: ```powershell Get-Hotfix -ComputerName win10 -Credential administrator (prompt for PW) ``` ```powershell $c = Get-Credential -UserName "win10\user" -Message:"Enter password:" ``` ```powershell Get-Hotfix -ComputerName win10 -Credential $c ``` ```powershell Get-Hotfix -computername win10 -credential $c | where {$_.Description -match "Security"} ``` ## PS Sessions 1. Establish Creds ```powershell $cred = Get-Credential -UserName "win7\User" -Message:"Enter password:" ``` 2. Issue Remote Command ```powershell Get-Hotfix -ComputerName win7 -Credential $cred ``` 3. Establish PSSession ```powershell $session 7 = New-PSSession -computername win7 -Credentail $cred ``` 4A) Enter Commands to PSSession ```powershell Invoke-Command -session $session7 {get-process} ``` 4B) Interactively Control ```powershell ` Enter-PSSession -session7 $session7 ``` ```powershell Get-Process ``` ```powershell Get-Service | Where {$_.Status -like "Running" ``` ```powershell Exit-PSSession ``` ## Commands with Remote Options

Command	Description
`reg /s "C:\Path\To\Your\RegistryFile.reg"`	`/s`parameter to import registry changes remotely by specifying the remote computer's registry path.
`reg import \\RemoteComputerName\Share\RegistryFile.reg`	Remote registry import
`sc \\RemoteComputerName stop "ServiceName"`	Allows you to manage and configure Windows services on remote computers.
`sc \\RemoteComputerName query`	Query services on remote computers.
`netsh -r RemoteComputerName interface show interface`	You can use `netsh`to configure network settings on remote Windows systems if you have appropriate permissions.
`tasklist /s RemoteComputerName`	The `tasklist`command with the `/s`parameter allows you to list running processes on a remote computer.
`query user /server`	Displays information about user sessions on a remote server.
`query process /server`	Lists processes running on a remote server.
`gpupdate /target:computer /force`	Forces a remote update of Group Policy settings on a computer.
`wmic /node /output`	Allows you to run a specific command on multiple remote computers and save the output to a file.
`taskkill /s`	Terminates processes on a remote computer specified by its name or IP.
`ssh username@RemoteComputerName "ls"`	Run remote command

Allows you to schedule tasks remotely on other Windows computers: {% code overflow="wrap" %} ```powershell schtasks /create /s RemoteComputerName /tn "MyTask" /tr "C:\MyScript.bat" /sc daily /st 08:00 ``` {% endcode %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://www.shellspells.net/windows/system-ops/remote-command-execution.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.