Remotely execute CMD.EXE on another Windows (domain) computer easily with PsExec

Posted: (EET/GMT+2)

PsExec from Sysinternals is a tiny, very handy tool for launching processes on remote Windows machines. It needs administrative rights on the target and works by copying its service binary (PSEXESVC) to the ADMIN$ share over SMB and starting it through the Service Control Manager, so TCP 445 and the admin shares must be reachable from where you run it.

Here's a quick example. To get an interactive command prompt on \\REMOTESERVER running as the SYSTEM account (-s), attached to the remote console session (-i), do this:

psexec \\REMOTESERVER -s -i cmd.exe

Or run a single command under a specific domain user. The program and its arguments are separate tokens after the options (don't quote them together, or PsExec looks for a program literally called "ipconfig.exe /all"). If you give -u without -p, PsExec prompts for the password; passing it with -p works too, but then it is recorded wherever process command lines are audited (Event 4688, Sysmon Event 1):

psexec \\REMOTESERVER -u DOMAIN\Administrator ipconfig /all

A few notes and tips on the tool:

  • You need to be a local administrator on the remote machine (Domain Admins are by default), and the ADMIN$ and IPC$ shares must be reachable over SMB (TCP 445).
  • If you don't want to wait for the process to finish, add "-d" among the options (D = don't wait). PsExec then returns immediately, so you get neither output nor the exit code of the remote process.
  • Use -i to run interactive UI apps on the console session, or -i <session id> for a specific session. Without -i the process runs hidden, which is what you want for command-line tools.
  • Prefer PowerShell Remoting (WinRM) for scripted, authenticated automation in domains: it authenticates with Kerberos, installs nothing on the target and returns objects instead of text. PsExec is handy for quick ad-hoc tasks and for tools that expect a local process.
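As an added example (not from the original post), here is the same job done both ways: a command run over PsExec on a list of hosts, with the password prompted rather than typed on the command line, followed by the equivalent over PowerShell Remoting. The host names and the PsExec path are assumptions; adjust them for your environment.

```powershell
# Added example, not part of the original post. Assumed: the hosts below exist,
# PsExec.exe lives in C:\Tools, and DOMAIN\Administrator is a local admin there.
$Targets = @('REMOTESERVER', 'REMOTESERVER2')   # assumed host names
$PsExec  = 'C:\Tools\PsExec.exe'                # assumed install path

# --- 1. PsExec ---------------------------------------------------------------
# -u without -p makes PsExec prompt for the password, so it never appears in
# process-creation audit logs (Event 4688, Sysmon Event 1).
foreach ($Target in $Targets) {
    # -accepteula : don't stop on the EULA dialog on first run
    # -n 10       : give up connecting after 10 seconds
    # -h          : use the account's elevated token when UAC is on
    # PsExec's own banner and errors go to stderr; the remote program's
    # stdout comes back as plain text lines.
    & $PsExec -accepteula -n 10 -h "\\$Target" -u 'DOMAIN\Administrator' ipconfig /all |
        ForEach-Object { "[$Target] $_" }

    # PsExec exits with the remote process's exit code, or its own error code
    # if it could not connect or install the service.
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "PsExec on $Target exited with code $LASTEXITCODE"
    }
}

# --- 2. PowerShell Remoting (WinRM, TCP 5985/5986) ---------------------------
# No service is installed on the target, Kerberos is used by default, and the
# result comes back as objects. Needs Enable-PSRemoting on the targets
# (on by default on Windows Server).
$Cred = Get-Credential 'DOMAIN\Administrator'
Invoke-Command -ComputerName $Targets -Credential $Cred -ScriptBlock {
    [pscustomobject]@{
        Host   = $env:COMPUTERNAME
        Output = (ipconfig /all | Out-String)
    }
} | ForEach-Object { "[$($_.Host)]`n$($_.Output)" }
```

Both halves run the same ipconfig on every host; the difference worth noticing is in the target's logs: the PsExec run leaves a service installation and a dropped binary behind, the WinRM run leaves only a logon and a wsmprovhost.exe process.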

Security note: PsExec is powerful and is also a favourite of attackers for lateral movement once they hold admin credentials, so run it only from trusted admin workstations and monitor its use. It leaves clear traces on the target: the PSEXESVC service installation is logged as Event ID 7045 in the System log, the service binary lands in %SystemRoot% via the ADMIN$ share, and the client and service talk over named pipes called PSEXESVC (Sysmon Event IDs 17 and 18 if you run Sysmon). The -r option renames the service, so don't rely on the name alone.
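An added detection example, not from the original post: a script that pulls service-installation events and Sysmon pipe events from a host and flags the ones that look like PsExec. The host name parameter and the 7-day window are assumptions; the event IDs, field names and the default PSEXESVC names are the documented ones.

```powershell
# Added example, not part of the original post. Save as Find-PsExec.ps1 and run
# as an account that can read the remote System and Sysmon logs.
param(
    [string]$ComputerName = $env:COMPUTERNAME,   # assumed: host to inspect
    [int]$Days = 7                               # assumed: look-back window
)
$Since = (Get-Date).AddDays(-$Days)

# Flatten a 7045 "service was installed" event into the fields we care about.
function ConvertFrom-ServiceInstallEvent {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $data = @{}
    foreach ($d in ([xml]$Event.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    [pscustomobject]@{
        Time        = $Event.TimeCreated
        ServiceName = $data['ServiceName']
        ImagePath   = $data['ImagePath']
        Account     = $data['AccountName']
    }
}

$installs = Get-WinEvent -ComputerName $ComputerName -FilterHashtable @{
    LogName = 'System'; Id = 7045; StartTime = $Since
} -ErrorAction SilentlyContinue | ForEach-Object { ConvertFrom-ServiceInstallEvent $_ }

# Default name is PSEXESVC, but "psexec -r <name>" renames both the service and
# the dropped binary. So also flag any new service whose binary sits directly in
# %SystemRoot% (where PsExec drops it through ADMIN$) and runs as LocalSystem.
$suspicious = $installs | Where-Object {
    $_.ServiceName -match 'PSEXESVC' -or
    $_.ImagePath   -match 'PSEXESVC' -or
    ($_.ImagePath -match '^"?(%SystemRoot%|[A-Za-z]:\\Windows)\\[^\\]+\.exe' -and
     $_.Account -eq 'LocalSystem')
}
"== Service installs that look like PsExec on $ComputerName =="
$suspicious | Format-Table -AutoSize

# If Sysmon is deployed: pipe created (17) / connected (18) events for PsExec's
# control pipe \PSEXESVC and its per-session PSEXESVC-<client>-<pid>-stdin/
# stdout/stderr pipes. The Sysmon channel simply won't exist otherwise.
$pipes = Get-WinEvent -ComputerName $ComputerName -FilterHashtable @{
    LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 17, 18; StartTime = $Since
} -ErrorAction SilentlyContinue | Where-Object { $_.Message -match '\\PSEXESVC' }

"== Sysmon pipe events mentioning PSEXESVC =="
$pipes | Select-Object TimeCreated, Id,
    @{ n = 'Pipe'; e = { (($_.Message -split "`n") -match '^PipeName:')[0].Trim() } },
    @{ n = 'Image'; e = { (($_.Message -split "`n") -match '^Image:')[0].Trim() } } |
    Format-Table -AutoSize
```

Run it against a host you have just administered with PsExec and you should see one 7045 entry per run plus the pipe events; a service install that matches the %SystemRoot%/LocalSystem heuristic but carries an unfamiliar name is exactly the -r case worth a closer look.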