PSExec Review: Free Security Testing and System Management Tool

The Challenge

System administrators and help desk personnel often need access to perform a quick lookup on a remote system. They might also want to check system status during script operation to determine if a required file or application exists and copy it to the target computer if it does not. On the other hand, security analysts want to know if devices are vulnerable to these activities when attempted by unauthorized personnel. A useful tool for both challenges is PSExec, a utility from Microsoft Sysinternals. It is part of the PSTools suite, a free downloadable collection of security applications.

PSExec

PSExec is run from the command line. Its long list of optional parameters allows a great deal of flexibility. Figure 1 shows the parameters and a short description of their use.

Figure 1: PSExec Parameters

Essentially, PSExec runs an application within the security context of either the currently logged-on user or a user provided during program initialization. The application shows up on the administrator's system without any notification to the remote user.

I conducted a short test on my test network. Using a Vista Home Ultimate desktop system, I attempted to run CMD.exe on my Windows XP SP2 laptop. It worked as advertised. Figure 2 shows the command line and the results as they appeared on my desktop. Note the remote system name and command executed in the upper left corner. A PSExec parameter can be used to shut down interactive sessions like this, allowing scripts to run unattended.

Figure 2: Command Line

Again, this is not only a great tool for administrators; it is also a good way to check for system vulnerabilities, especially since this and other PSTools are integrated into malware from time to time. According to a note on the PSExec page:

Note: some anti-virus scanners report that one or more of the tools are infected with a "remote admin" virus. None of the PsTools contain viruses, but they have been used by viruses, which is why they trigger virus notifications.
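Because the remote user gets no notification and the tools have been used by malware, a defender's check for PSExec activity on target systems is worth having. The following is an added example, not part of the original post or of PSTools: it scans exported System-log records for service installations that look like PSExec. It assumes PSExec's default behavior of installing a service named PSEXESVC on the target, that the System log records service installations as Event ID 7045, and a one-JSON-object-per-line export format whose field names are hypothetical; the sample records are constructed.

```python
import json
from pathlib import PureWindowsPath

# Constructed sample data: System-log records exported one JSON object per line.
# Host names, times and the non-PsExec services are invented for this example.
SAMPLE_LOG = r"""
{"EventID": 7045, "Computer": "LAPTOP-XP", "TimeCreated": "2024-01-10T09:14:02Z", "ServiceName": "PSEXESVC", "ImagePath": "%SystemRoot%\\PSEXESVC.exe"}
{"EventID": 7045, "Computer": "LAPTOP-XP", "TimeCreated": "2024-01-10T10:01:40Z", "ServiceName": "Print Helper", "ImagePath": "\"C:\\Program Files\\Vendor\\helper.exe\" -k"}
{"EventID": 7036, "Computer": "LAPTOP-XP", "TimeCreated": "2024-01-10T09:14:03Z", "ServiceName": "PSEXESVC"}
{"EventID": 7045, "Computer": "DESKTOP-02", "TimeCreated": "2024-01-11T22:47:19Z", "ServiceName": "UpdateSvc", "ImagePath": "C:\\Windows\\PSEXESVC.exe"}
this line is truncated and not valid JSON
"""

SERVICE_INSTALLED = 7045  # Service Control Manager: a service was installed
PSEXEC_NAME = "psexesvc"  # assumed default name of the service PsExec installs

def exe_name(image_path):
    """File name of the service binary, lower-cased, without quotes or arguments."""
    path = image_path.strip()
    if path.startswith('"'):
        path = path[1:].split('"', 1)[0]
    return PureWindowsPath(path).name.lower()

def find_psexec_installs(log_text):
    """Return (computer, time, reason) for each service install that looks like PsExec."""
    hits = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or damaged line: skip it rather than abort the scan
        if not isinstance(rec, dict) or rec.get("EventID") != SERVICE_INSTALLED:
            continue
        reasons = []
        if rec.get("ServiceName", "").lower() == PSEXEC_NAME:
            reasons.append("service name")
        # Also check the binary, so a differently named service is still caught.
        if exe_name(rec.get("ImagePath", "")).startswith(PSEXEC_NAME + ".exe"):
            reasons.append("image path")
        if reasons:
            hits.append((rec.get("Computer"), rec.get("TimeCreated"), "+".join(reasons)))
    return hits

if __name__ == "__main__":
    for computer, when, reason in find_psexec_installs(SAMPLE_LOG):
        print(f"{when}  {computer}  PsExec service installed (matched {reason})")
```

A hit is not proof of misuse, since administrators use PSExec legitimately; compare each one against known administrative activity for that host and time.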

This post is part of the series: Use SysInternals security utilities to manage network and system security

SysInternals provides free security utilities for managing Microsoft Windows networks and systems. Available for download from Microsoft, they provide a powerful set of applications for oversight and protection of network assets.
  1. Validate System Access with AccessChk
  2. Streamline Kiosk Operation with Auto-logon
  3. Enumerate Windows File and Folder Access with AccessEnum
  4. LogonSessions and PsLoggedOn to Oversee and Manage System Access
  5. Use Autoruns to Improve Performance and Identify Malware
  6. Manage, Monitor, and Kill Windows Processes with Process Explorer
  7. PSExec: Free Security Testing and System Management Tool
  8. PsLogList: Free Utility to Parse and Review Windows Logs
  9. Map System Configs with PsInfo
  10. Use SigCheck to Validate System Files