PowerShell vs. PsExec for Remote Command execution

Posted by Jianpeng Mo/january 20, 2014

Monitoring and maintaining large-scale, complex, highly distributed and interconnected systems can be extremely challengin g for network administrators. Traditional IT management approaches is ill-equipped to handle the complexity of today ' s application architectures and DE ployment environments. It's common that's IT admin would support hundreds of machines in a enterprise network daily but have to physically r Un-to-individually in order to issue a simple command is not acceptable. Therefore, being able to execute system commands remotely without too much additional pre-configuration are always a welcom Ed and appreciated solution.

In the This blog post, we is going to discuss how to use the remote command execution tools, PowerShell and PsExec. We'll show how to use each of the these tools to remotely execute command line tools, using the OPSWAT products, oesis Diagn OSE and Metascan Client, for our examples.

Oesis diagnose is a troubleshooting tool for the Oesis project. It leverages oesis Local functionalities internally and provides necessary information and visibility to the OPSWAT engine Ering team. Metascan Client is a GUI based utility, connects to the Metascan server and performs On-demand scan function calls.

*these steps was provided under the assumption that the user domain was in a protected network and that the command is Bein G triggered by the system administrator.

PowerShell

Introduction:

PowerShell is provided by Microsoft as a replacement of the shell to bring advanced scripting to Windows. It provides full access to COM and WMI and enables administrator to perform system commands on both local and remote Windo WS systems. Previously, PowerShell is packaged as a separate add-on to Windows, marketed mainly to server administrators. Starting with Windows 7, PowerShell was now a built-in part of the operating system, giving this capability to all Windows Users.

Step by step usage for oesis diagnose:

2. On the remote machine, enable remote commands in PowerShell as instructed below:
   

   PS c:\windows\system32> Enable-psremoting-force_

4. On a local machine, add remote system to the trusted list in PowerShell as seen below:
   

   PS c:\windows\system32> Set-item Wsman:\localhost\client\trustedhosts-value 10.0.x.x_

6. On a local machine, set the execution policy to remote signed in PowerShell as below:
   

   PS c:\windows\system32> Set-executionpolicy Remotesigned_

8. Copy oesis Local Package (including the Oesis Diagnose.exe) to the remote machine.
9. On a local machine, create PowerShell script "Remotelaunchoesisdiagnose.ps1" as seen below:
   

   #Predefine Necessary Information $Username = "10.0.x.x\username" $Password = "Password" $ComputerName = "10.0.x.x" $Script = {C:\OESISLocalPackage\OesisDiagnose_V3.exe} #Create Credential Object $SecurePassWord = convertto-securestring -asplaintext $Password-force $Cred = new-object -typename "System.Management.Automation.PSCredential"-argumentlist $Username, $ Securepassword #Create Session object with this $Session = New-pssession-computername $ComputerName-credential $Cred #Invoke-command $Job = invoke-command-session $Session-scriptblock $Script Echo $Job #Close Session Remove-pssession-session $Session

11. On a local machine, launch "REMOTELAUNCHOESISDIAGNOSE.PS1" in PowerShell as seen below:
    

    PS c:\windows\system32>./remotelaunchoesisdiagnose.ps1_

13. The PowerShell script would is executed on the remote machine and launch oesis diagnose in the system. The result files would is generated on the remote machine.

Step by step usage for Metascan Client:

2. The same setup process as Step 1, 2 and 3 of the oesis diagnose example above.
4. Copy Metascan Client package to the remote machine.
5. On the local machine, create PowerShell script "Remotelaunchmetascanclient.ps1" as below:
   

   #Predefine Necessary Information $Username = "10.0.x.x\username" $Password = "Password" $ComputerName = "10.0.x.x" $Script = {C:\MetascanClientPackage\MetascanClient.exe server= "10.0.y.y:8008/metascan_rest" Auto_start=1 allowed_ Scan_levels=1} #Create Credential Object $SecurePassWord = convertto-securestring -asplaintext $Password-force $Cred = new-object -typename "System.Management.Automation.PSCredential"-argumentlist $Username, $ Securepassword #Create Session object with this $Session = New-pssession-computername $ComputerName-credential $Cred #Invoke-command $Job = invoke-command-session $Session-scriptblock $Script Echo $Job #Close Session Remove-pssession-session $Session

7. On the local machine, launch ' REMOTELAUNCHMETASCANCLIENT.PS1 ' in PowerShell as seen below:
   

   PS c:\windows\system32>./remotelaunchmetascanclient.ps1_

9. The PowerShell script would be executed on the remote triggers Metascan Client to scan against the Pre-setup Me Tascan server which is specified in the command line, and the scan result being generated on the remote machine.

Limitations:

Both the oesis diagnose and Metascan Client scan functions is able to being executed remotely via PowerShell, but PowerShell Fails to launch Metascan Client UI from the remote machine. This was because when remotely accessing a machine via PowerShell, an interactive desktop session was not started. For security reasons, the users can only see applications that is opened within their own interactive sessions. Basically every Windows operating system thinks it ' s a Terminal Server, but Windows does not want users opening applicatio NS that other users could possibly see. Windows assumes that multiple users would be using the machine, so it isolates these applications for a number of obvious s Ecurity reasons.

PsExec

Introduction:

PsExec is a command line tool allowing the execution of processes on a remote system and transfer the results of operation s to the local console. It has a long list of optional parameters, a great deal of flexibility for IT administrators. The key feature of PsExec is to allow users to run a script or application within the security context of either the Curre ntly logged on the user or as a user provided during program initialization.

Step by step usage for oesis diagnose:

1. Download PSTools from the below link, PsExec are part of the.
   • Http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
2. Copy oesis Local Package (including the Oesis Diagnose.exe) to the remote machine.
3. On the local machine, open the command prompt (cmd), go to the directory where the PsExec file is located.
4. On the local machine, execute the following command:
   

   C:\whereyousavepsexec>psexec.exe \\10.0.X.X-u username-p password C "\oesislocalpackage\oesisdiagnose_v3.exe_

5. PsExec would launch the oesis diagnose process on the remote machine using the credential which is provided above and Gener Ate the diagnose report in the system.

Step by step usage for Metascan Client:

1. The same setup process as Step 1 of oesis diagnose usage.
2. Copy Metascan Client package to the remote machine.
3. On the local machine, open command Prompt (cmd), go to the directory where the PsExec file exists.
4. On the local machine, execute the following command:
   

   C:\whereyousavepsexec>psexec.exe \\10.0.X.X-u username-p Password C:\MetascanClientPackage\MetascanClient.exe Server= "10.0.y.y:8008/metascan_rest" Auto_start=1 allowed_scan_levels=1_

5. PsExec would launch the Metascan Client process on the remote machine using the credential which is provided above. This would bring up the Metascan Client UI and the scan result would be generated to the remote machine.

Limitations:

PsExec does not natively come with the Windows operating system, the users of the download package Pstool Extra 1.6 Mb folder). PsExec does not provide a easy-to-do and users to access network resources on the remote machine, due to the input argument Being limited to characters. Some older versions such as v1.73 and v1.82 has Some serious problems with programmatic redirection of StdOut over named Pipes.

Notes:on the Microsoft website, it mentions the below statement "some anti-virus engines report that one or more of the T Ools is infected with a ' remote admin ' virus. " But, according to the latest scan result from Metascan Online, there were no antivirus engines detecting the Pstool PA Ckage as a threat.

Summary:

Both PowerShell and PsExec has some advantages and disadvantages for network administrators. When it comes down to it, there was really no good or bad choice between PowerShell and PsExec, it largely depends on which System Management tools IT administrators decide to select. The best option for novice users would is to use the PSEXEC option, considering it's the easiest to start out with and all OWS-run CLI based executables remotely and take advantage of the full feature set.

Announcement: Metascan client is now Metadefender client as part of our streamlined Metadefender Product Family. Check out the blog announcement to learn more.

PowerShell vs. PsExec for Remote Command execution