How to Execute Commands on a Remote Computer (PsExec) in Batch Script
One of the most powerful capabilities for any system administrator is the ability to run commands on a remote computer as if you were sitting right in front of it. This is essential for remote management, software deployment, and automated maintenance across a network. While Windows has no single, built-in command for this (cmd.exe is a local shell), the definitive tool for this job is PsExec.
This guide will introduce you to PsExec, explain the critical prerequisites for it to work, and teach you how to use it from a batch script to execute commands on remote machines.
What is PsExec? (and where to get it)
PsExec is a lightweight command-line tool that is part of the legendary Sysinternals Suite, created by Mark Russinovich at Microsoft. It does not need to be installed on the remote machine. When you run it, it temporarily copies a small service to the remote computer, executes your command, streams the output back to your console, and then removes the service, leaving the remote system clean.
Where to get it:
- PsExec is not included with Windows by default.
- You must download it as part of the Sysinternals Suite from the official Microsoft website: https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
- For your script to find it,
psexec.exemust be in your system'sPATHor in the same directory as your batch script.
CRITICAL: Prerequisites for Using PsExec
For PsExec to connect to a remote machine, several conditions must be met:
- Administrator Privileges: You must run your script from an account that has local administrator rights on the remote machine.
- Network Connectivity & Firewall: The "File and Printer Sharing" firewall rule must be enabled on the remote machine. This allows traffic over TCP port 445 (SMB), which PsExec uses to communicate.
- Admin$ Share: The hidden
admin$administrative share must be enabled and accessible on the remote machine. This is the default on Windows Pro and Server editions.
If any of these are not met, PsExec will fail, most often with an "Access is denied" error.
The Core Command Syntax
The basic syntax for PsExec is straightforward: psexec \\ComputerName [options] command [arguments]
\\ComputerName: The name or IP address of the remote machine.[options]: Switches to control how PsExec behaves (e.g., providing credentials).command: The command you want to run on the remote machine.
Basic Example: Running ipconfig on a Remote Machine
This is a simple, safe way to test your connection. It runs the ipconfig command on a remote server named WEB-SRV-01.
@ECHO OFF
ECHO --- Getting IP Configuration from WEB-SRV-01 ---
ECHO.
psexec \\WEB-SRV-01 ipconfig
The output you see is from the remote machine, streamed back to your local console.
--- Getting IP Configuration from WEB-SRV-01 ---
PsExec v2.40 - Execute processes remotely
...
Windows IP Configuration
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . : mycorp.local
IPv4 Address. . . . . . . . . . . : 192.168.1.50
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
Key PsExec Parameters Explained
| Switch | Name | Description |
|---|---|---|
-u <username> | User | Specifies an alternative username to authenticate with on the remote machine. |
-p <password> | Password | Specifies the password for the username. (See security warning below!) |
-s | System | Runs the remote process as the powerful NT AUTHORITY\SYSTEM account. |
-i | Interactive | Runs the program so it can interact with the desktop of the logged-on user. |
-d | Detach | Runs the command and detaches immediately. Does not wait for the command to finish. |
-c | Copy | Copies the specified executable to the remote machine for execution. |
CRITICAL SECURITY WARNING: The Dangers of the Password Switch
It is extremely bad practice to use the -p switch to provide a password in a batch script.
- The password is stored in plain text inside your script file.
- The password will be visible in the command history.
- The password may be visible to other users in the system's process list while the script is running.
Best Practice: Do not use the -u and -p switches. Instead, run the batch script itself as a user who already has administrator rights on the remote machine (e.g., a Domain Admin). PsExec will automatically use your current user's credentials to authenticate, which is far more secure.
Common Pitfalls and How to Solve Them
'psexec' is not recognized...: Thepsexec.exefile is not in yourPATHor in the same folder as your script. Solution: Download it and place it in a location where your script can find it.- "Access is denied.": This is the most common runtime error. Solution: Verify all the prerequisites. Check that you are running the script as an administrator and that the firewall on the remote machine allows "File and Printer Sharing."
- The Command Hangs or Times Out: This is almost always a firewall issue. Solution: Ensure TCP port 445 is open between your machine and the remote machine.
Practical Example: A Remote Disk Space Checker Script
This script iterates through a list of servers and uses PsExec to run a command on each one to check for free disk space, creating a simple network-wide report.
@ECHO OFF
SETLOCAL
ECHO --- Remote Server Disk Space Report ---
ECHO.
FOR %%S IN (
WEB-SRV-01
DB-SRV-01
APP-SRV-01
) DO (
ECHO ==========================================================
ECHO Checking server: %%S
ECHO ==========================================================
REM Use psexec to run the command on the remote server.
REM Check the ERRORLEVEL to see if the connection succeeded.
psexec \\%%S fsutil volume diskfree c: > NUL 2> NUL
IF %ERRORLEVEL% EQU 0 (
psexec \\%%S fsutil volume diskfree c:
) ELSE (
ECHO [FAILURE] Could not connect to %%S. Check permissions or network.
)
ECHO.
)
ENDLOCAL
Conclusion
PsExec is the indispensable tool for remote command-line administration in a Windows environment. It allows you to turn a simple batch script into a powerful network management tool.
Key takeaways for using it successfully:
- PsExec is not built-in. You must download it from the official Microsoft Sysinternals site.
- You must meet the prerequisites: Administrator rights on the remote machine and the firewall allowing "File and Printer Sharing" (TCP 445).
- Avoid using the
-p <password>switch in scripts. Run the script as a user with the necessary privileges instead. - Use
%ERRORLEVEL%after apsexeccall to check if the connection and command execution were successful.