PsTools Tutorial: Automating IT Tasks Without an Agent Sysadmins often need to manage remote Windows systems quickly. Installing management agents on every machine takes time and resources. Microsoft’s PsTools suite solves this problem by allowing agentless, command-line administration over the network. What is PsTools?
PsTools is a collection of free command-line utilities developed by Mark Russinovich for Sysinternals (now part of Microsoft). Unlike heavy management software, these tools do not require any software installation on the target machines. They leverage built-in Windows network protocols to execute commands, manage processes, and view system information remotely. Prerequisites for Agentless Management
Before using PsTools, your network and firewalls must allow remote administration traffic. Ensure the following settings are active on your target machines:
Network Connectivity: File and Printer Sharing must be enabled. Firewall Ports: TCP port 445 (SMB) must be open.
Credentials: You need administrative privileges on the remote machine.
Registry Setting: For non-domain environments, disable LocalAccountTokenFilterPolicy by setting its DWORD value to 1 under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System. Core PsTools Utilities and Examples 1. PsExec: Remote Command Execution
PsExec is the most popular tool in the suite. It lets you run commands on a remote system as if you were sitting at the console.
Open a remote command prompt:psexec \RemoteComputer cmd.exe
Run an installer silently on a remote machine:psexec \RemoteComputer -s msiexec.exe /i “\server\share\installer.msi” /quiet(The -s switch runs the process using the system account). 2. PsService: Manage Windows Services
Instead of opening the heavy Services GUI snap-in, use PsService to view, start, stop, or configure services remotely.
Check the status of a service:psservice \RemoteComputer status “wuauserv”
Restart a frozen service:psservice \RemoteComputer restart “Spooler” 3. PsKill and PsList: Process Management
When a remote application freezes, you can hunt it down and terminate it without interrupting the end-user.
List running processes with memory usage:pslist \RemoteComputer
Kill a non-responsive process by name:pskill \RemoteComputer notepad.exe 4. PsInfo: Gather System Data
PsInfo quickly harvests basic hardware and software details from a remote system, including uptime, OS version, and installation date. Fetch basic system details:psinfo \RemoteComputer
List installed software on the target:psinfo \RemoteComputer -s 5. PsShutdown: Remote Power Actions
Rebooting or shutting down remote servers and workstations is a daily task for IT pros. PsShutdown gives you full control over timing and user notifications.
Reboot a server in 60 seconds with a warning message:psshutdown \RemoteComputer -r -t 60 -m “System updates require a reboot.” Automating Tasks via Batch Scripting
The true power of PsTools shines when you combine it with scripts to target multiple machines at once. You can create a text file containing target computer names (e.g., computers.txt) and loop through them.
Here is a simple batch script example to flush DNS and restart the DNS client service across multiple machines:
@echo off for /f %%i in (computers.txt) do ( echo Processing %%i… psexec \%%i ipconfig /flushdns psservice \%%i restart “Dnscache” ) pause Use code with caution. Security Best Practices
Because PsTools is highly powerful, attackers sometimes abuse it for lateral movement in compromised networks. Protect your environment by following these rules:
Encrypt Credentials: Avoid typing plaintext passwords in your command lines using the -p switch. Run your command prompt as a different user (RunAs) before executing PsTools.
Monitor Usage: Enable command-line auditing to track PsExec executions across your network.
Restrict Access: Block TCP port 445 between workstations to ensure PsTools can only be run from designated management servers.
PsTools remains an indispensable asset for IT professionals who need immediate, lightweight control over Windows networks. By mastering these utilities, you can automate repetitive troubleshooting and maintenance tasks instantly, saving valuable time without the overhead of heavy software deployment.
To help adapt this tutorial to your specific needs, tell me:
Do you operate in a Windows Domain or a Workgroup environment? What specific IT task are you trying to automate right now? Do you prefer Batch scripts or
Leave a Reply