PSEXEC access denied errors

Question

While I m using PSEXEC exe getting  Access denied  error for remote systems   Any idea about how to solve this

User · Answer

I tried a lot of way but I could not use psexec. It gives "Access denied". After I change the target user account type from Standard to Admin, I connected the machine via psexec.

I researched the reason why admin type account is required then I found this answer.

You can change target machine user account this way: Control Panel -> User Accounts -> Change Account Type. You must enter an admin account and password to change that account if you logged in standard account.

After that I logged in with this command: psexec \\remotepcname -u remoteusername -p remotepassword cmd

User · Answer

Try setting this key on the target  remote  machine  and restart the machine    HKEY LOCAL MACHINE SOFTWARE Microsoft Windows CurrentVersion Policies System   LocalAccountTokenFilterPolicy  dword 00000001   See  http   forum sysinternals com topic10924 html and http   www brandonmartinez com 2013 04 24 resolve-access-is-denied-using-psexec-with-a-local-admin-account

User · Answer

I still use psexec  even on win 10  Replace the psexec exe in the Windows 10 s win32 folder with the older version to work -  I use version 2 11 0 0  The Windows 10 version I was using would only run  bat files as background hidden process on the remote computer  Took a whole day to figure this out   Adding the registry key from above to the remote computer helps as well      reg add HKLM SOFTWARE Microsoft Windows CurrentVersion Policies system  v LocalAccountTokenFilterPolicy  t REG DWORD  d 1  f

User · Answer

PsExec has whatever access rights its launcher has  It runs under regular Windows access control  This means whoever launched PsExec  be it either you  the scheduler  a service etc   does not have sufficient rights on the target machine  or the target machine is not configured correctly  The first things to do are    Make sure the launcher of PsExec is familiar to the target machine  either via the domain or by having the same user and password defined locally on both machines  Use command line arguments to specify a user that is known to the target machine  -u user -p password    If this did not solve your problem  make sure the target machine meets the minimum requirements  specified here

User · Answer

I couldn t get access to remote machines unless I had UAC disabled    That has to be done locally  either from control panel or running the following through cmd    reg exe ADD HKLM SOFTWARE Microsoft Windows CurrentVersion Policies System  v EnableLUA  t REG DWORD  d 0  f   While UAC is enabled  make sure you run cmd as administrator

User · Answer

I just solved an identical symptom  by creating the registry value HKLM SOFTWARE Microsoft Windows CurrentVersion Policies system LocalAccountTokenFilterPolicy and setting it to 1  More details are available here

User · Answer

I had a case where AV was quarantining Psexec - had to disable On-access scanning

User · Answer

I found Sophos kept placing psexec exe into the Quarantine section   Once I authorized it  it ran fine

User · Answer

For anybody who may stumble upon this  There is a recent  Dec 2013  Security Update from Microsoft Windows on Windows 7 that is preventing remote execution   See http   support microsoft com kb 2893294 en-us  I uninstalled the Security Update by going to Control Panel Programs Programs and Features Installed Updates  It worked right after that

User · Answer

This helped in my case   cmdkey exe  add  lt targetname gt   user  lt username gt   pass  lt password gt  psexec exe    lt targetname gt   lt remote command gt

User · Answer

Hi i am placing here a summary from many sources online for various solutions to  access is denied    most information can be found here  including requirements needed  -  sysinternal help   as someone mentioned add this reg key  and then restart the computer       reg add HKLM SOFTWARE Microsoft Windows CurrentVersion Policies system    v LocalAccountTokenFilterPolicy  t REG DWORD  d 1  f   Read this knowledge base article to learn what this does and why it is  needed  Disable firewall  note - this will leave you with out any firewall protection       netsh advfirewall set allprofiles state off  if target user has a blank PW and you dont want to add one  run on target        HKEY LOCAL MACHINE SYSTEM CurrentControlSet Control Lsa     LimitBlankPasswordUse  dword 00000000  This didnt work for me  but i have read it did for others in a few places   on target execute      Start -  Run -  secpol msc -  Local Policies -  Security Options -  Network Access  Sharing   and security model for local accounts   Classic     local users authenticate as themselves   if already in  Classic       move to  Guest only -     run from elevated command prompt gpupdate  force   move back to  Classic -     again  run from elevated command prompt gpupdate  force  This one solved my issue      run on target from elevated command prompt  net use  look at ouput chart and for shares listed in remote column there  i only deleted the disconnected ones - you can try them all   run  net use  remote path from before list   delete  then run  net use  target Admin   user  user name   enter prompt password request  if empty PW just press enter   viola should work     good luck  hope this saves someones time

User · Answer

I just added  -   parameter  It makes Psexec copy executable to remote machine  So it works without access errors

User · Answer

You can try the command  net use   computername ipc   user adminname password   to get admin permissions on remote PC before use psexec

User · Answer

On Windows Server 2012 R2 I had trouble to run from user account  psexec -u administrator -p password   machinename -h -s -d -accepteula cmd exe   But it works fine if you run without parameters -h -s  That s why I use this to solve my trouble   psexec -accepteula -u administrator -p password   machinename  PathToLocalUtils  psexec exe -h -s -d  cmd exe

User · Answer

For a different command I decided to change the network from public to work  After trying to use the psexec command again it worked again  So to get psexec to work try to change your network type from public to work or home

User · Answer

I had the same problem  And after a hard work  I found a easy and full solution    I use runas to run the script in a admin account I use the -s parameter in psExec to run in a system account Inside the PsExec  I login again with a admin account You can use  amp  to run multiples commands Remember to replace  USERNAME    PASSWORD    COMPUTERNAME    COMMAND1  and  COMMAND2  with the real values   The code looks like this   runas  user  USERNAME   psexec -e -h -s -u  USERNAME  -p  PASSWORD     COMPUTERNAME  cmd  C  COMMAND1   amp   COMMAND2      If you whant to debug your script in the another machine  run the following template   runas  user  USERNAME   psexec -i -e -h -s -u  USERNAME  -p  PASSWORD     COMPUTERNAME  cmd  C  COMMAND1   amp   COMMAND2   amp  pause

User · Answer

I found another reason PSEXEC  and other PS tools  fail - If something     say  a virus or trojan  hides the Windows folder and or its files  then PSEXEC will fail with an  Access is Denied  error  PSLIST will give the error  Processor performance object not found on   and you ll be left in the dark as to the reason     You can RDP in  You can access the admin  share  You can view the drive contents remotely  etc  etc   but there s no indication that file s  or folder s  being hidden is the reason   I ll be posting this information on several pages that i was perusing yesterday while trying to determine the cause of this odd problem  so you might see this elsewhere verbatim - just thought I d put the word out before anyone else pulled their hair out by the roots trying to understand why the performance counter has anything to do with PSEXEC running

User · Answer

The following worked  but only after I upgraded PSEXEC to 2 1 from Microsoft       HKEY LOCAL MACHINE SOFTWARE Microsoft Windows CurrentVersion Policies System     LocalAccountTokenFilterPolicy  dword 00000001 See    http   forum sysinternals com topic10924 html   I had a slightly older version that didn t work   I used it to do some USMT work via Dell kace  worked a treat

[access-denied] PSEXEC, access denied errors

Examples related to access-denied

Examples related to psexec

Examples related to windows-scripting