Sysinternals/Pstools

From aldeid
Jump to navigation Jump to search

Description

PsTools is a set of tools developed by Sysinternals for Microsoft Windows systems and is composed of:

  • PsExec: remotely execute commands
  • PsFile: remotely display open files
  • PsGetSid: display a computer or a user SID
  • PsInfo: show information about a system
  • PsKill: stop processes by name or ID
  • PsList: show details about processes
  • PsLoggedOn: show logged on users on locally and via resource shares
  • PsLogList: list and remove events logs entries
  • PsPasswd: change passwords
  • PsService: display and manage services
  • PsShutdown: stop and restart a computer
  • PsSuspend: stop processes

Installation

Pstools can be downloaded from this link: http://download.sysinternals.com/files/PSTools.zip

Uncompress in the directory of your choice (e.g. C:\pstools). It's also a good idea to add the path to the PATH environment variable.

Errors

While trying to remotely connect to a Windows 7 machine if you have an "access denied", it's because administrative shares are disabled by default.

To enable/disable administrative shares, add or modify a registry key as follows:

Windows XP

  • Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
  • Name: AutoShareServer (for servers) or AutoShareWks (for workstations)
  • Type: REG_DWORD
  • Value: 0 (disabled) or 1 (enabled)

Windows 7

  • Path: KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
  • Name: LocalAccountTokenFilterPolicy
  • Type: REG_DWORD
  • Value: 0 (disabled) or 1 (enabled)

Remotely start the remote registry service

psexec \\machine -u administrator -p password svchost -k localservice

Comments

Retrieved from "https://www.aldeid.com/w/index.php?title=Sysinternals/Pstools&oldid=27399"