Thursday, August 8, 2013


PsTools is a tool kit that originally came from the Windows NT & Server 2000 box tools and includes 12 different tools. We can use each one of them to accomplish our admin tasks more easily and much faster, for example:

·         Run processes on remote computers.

·         Terminate processes on client computers.

·         Get information on machines.

·         Shutdown\restart machines.

To work with these tools we use the command line, which gives us, the administrators, the option to create “.BAT” files that we can reuse every time we need them, saving us the time of writing the commands all over again.

We can download this kit from the following

In this article I will explain what we can do with those tools and how we can use them to control complex environments. 

If we want to work with this tool kit, we need to provide the correct credentials (we need to be a local administrator on the machine that we work on).

The tools list:
·         PsExec – This tool gives us the ability to run programs on local\remote computers.
We can use this tool with the following “important” switches:
\\computer – Here we choose the computer that we want to work on. If we have 100 computers in our organization, we can create a list of computers in Notepad and give the path to that file instead of a single computer name:

Psexec @"Path to notepad file"
In this case the command will run on all the computers that we specify in the Notepad file.
-U – if we need to provide appropriate credentials on a remote computer, we can use the “-u” switch for the user account name.

-P – if we need to provide appropriate credentials on a remote computer, we can use the “-p” switch for the user password.

Psexec \\computer -u David -p qaz123

-C – with this switch we can copy a program to a remote computer and execute it on that machine.

Psexec \\D001 -c program.exe

Because we copy the program from the local computer to a remote computer, we can use 2 more switches together with the “-c” switch.

-F – copy the file to the remote computer even if the file already exists.

-V – copy the file only if the file we want to use is newer than the same file on the remote computer.

So we can use them as follows:

Psexec \\dev01 -c -f program.exe
Psexec \\dev01 -c -v program.exe

If the program that we need to execute already exists on the remote computer, we need to specify the program path as follows:
Psexec \\D001 "c:\Program Files\program.exe"

(The quoted string is the program path.)

·         PsInfo – This tool simply does what its name says: it helps us get information on a client computer.

The important switches that we need to use:

PsInfo \\dev01 – we get system information on the computers that we specify.

-H – shows all the hotfixes installed on the computer.

PsInfo \\dev01 -H

-S – shows all the applications installed on the remote computer.

PsInfo \\dev01 -S

-D – shows disk information (volume type, format, name, size, free space).

PsInfo \\dev01 -D
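The computer-list and “.BAT” ideas described above, combined into one batch file, as an added example that is not part of the original post: it runs PsInfo against every name in a text file and writes one report per machine. The file name computers.txt and the reports folder are hypothetical; the example assumes psinfo.exe is on the PATH, that the account running it is already a local administrator on each target (so no -u/-p password is stored in the file), and that PsInfo returns a non-zero exit code on failure.

```batch
@echo off
rem Added example, not from the original post.
rem Collects hotfix (-h) and disk (-d) information from every computer listed
rem in computers.txt (hypothetical name, one computer name per line).
rem Runs under the caller's own logon, so no password is written into this file.
setlocal

set "LIST=%~dp0computers.txt"
set "OUT=%~dp0reports"
set /a OK=0, FAILED=0

if not exist "%LIST%" (
    echo Computer list not found: "%LIST%"
    exit /b 2
)
if not exist "%OUT%" mkdir "%OUT%"

rem FOR /F skips blank lines and lines starting with ";" (its default eol),
rem so the list can carry comments. Only the first word of a line is used.
for /f "usebackq tokens=1" %%C in ("%LIST%") do (
    rem -accepteula keeps the license dialog from blocking an unattended run.
    psinfo -accepteula \\%%C -h -d > "%OUT%\%%C.txt" 2> "%OUT%\%%C.err"
    rem Assumption: a non-zero exit code from psinfo means the query failed.
    if errorlevel 1 (
        echo [FAIL] %%C - see "%OUT%\%%C.err"
        set /a FAILED+=1
    ) else (
        echo [ OK ] %%C
        set /a OK+=1
    )
)

echo Done: %OK% succeeded, %FAILED% failed.
if %FAILED% gtr 0 exit /b 1
exit /b 0
```

The reports list each machine's installed hotfixes, so keep the output folder readable by administrators only.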

·         PsShutdown – with this tool we can shut down a local\remote computer with a simple syntax. Here are the important switches:

-F – this is a nice switch that forces the destination computer to close all applications without the option to save them that we get in a regular shutdown.

-L – just locks the user's computer, like we do with “Ctrl+D”.

-R – reboots the destination computer.

-A – cancels the “-R” switch (only while there is still time before the restart; the default is 20 seconds).

-M “Text” – with this switch we create a message that the user sees during the countdown to the restart.

-D – only suspends the destination computer.

-H – sends the destination computer to the “Hibernate” state.

-K – simply powers off the destination computer.

-S – shuts down the destination computer without doing anything else.

-C – the user connected to the destination computer will be able to cancel the shutdown.

-T – changes the shutdown countdown (20 seconds by default).

·         PsFile – lets us see all the files on the destination computer that are opened remotely, and also close them.

-C – closes the opened file (of course we need to identify the file with “ID”).

-ID – the identifier of the file that we want information on.

-Path – we can give the path of the files that we want.

·         PsKill – This tool helps us close local\remote processes.

-T – kill the process that we specify.

-Process ID or name – here we give the process that we want to kill.

If we want to close a user's mspaint:

Pskill \\Dev01 mspaint

·         PsList – shows all the processes that the destination computer has.

-Name – gives information on a specific process.

-M – memory details of the process.

-D – shows all the information as threads.

-T – shows the process tree.

·         PsService – with this tool we can see and manage the services on the destination computer.

-          Start – forces a specific service to start.
-          Restart – forces a specific service to stop and then start.
-          Stop – stops the specific service that we aim for.
-          Pause – pauses the service.
-          Cont – the opposite of the pause option.

Example:
If we want to stop the DNS service, all we need to do is:

PsService \\Dev01 stop dns

·         PsPasswd – let's say that we need to change the passwords of 50 users. Normally we would do it with the Users & Computers snap-in and it would take us a lot of time, but with this tool we can simply create a .BAT file that does all the work for us.

-Username – here we put the account that we want to change the password for.

-NewPassword – here we put the new account password.

Example:

PsPasswd \\dev01 David 123QWEasd

·         PsSuspend – with this tool we can suspend system processes that are running and consuming resources on the machine.

-Process ID – we can suspend the process by its ID.

-Process name – we can suspend the process by its name.

-R – starts the suspended process again.

Example:

PsSuspend \\dev01 mspaint

·         PsGetsid – here we can get a user or a machine SID number.

Examples:

Psgetsid \\Dev01 (here we will get the machine SID)

Psgetsid %username% (here we will get the user SID)
