PSEXEC, access denied errors
While using PSEXEC.exe, I'm getting 'Access denied' errors for remote systems.
Any idea how to solve this?
Solution 1:
Hi, I am placing here a summary from many sources online of various solutions to "access is denied". Most information can be found here (including requirements needed) - sysinternal help
- As someone mentioned, add this reg key, and then restart the computer:
  reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
  Read this knowledge base article to learn what this does and why it is needed.
- Disable the firewall (note - this will leave you without any firewall protection):
  netsh advfirewall set allprofiles state off
- If the target user has a blank PW and you don't want to add one, run on target:
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
  "LimitBlankPasswordUse"=dword:00000000
- This didn't work for me, but I have read it did for others in a few places. On target execute:
  Start -> Run -> secpol.msc -> Local Policies -> Security Options -> Network access: Sharing and security model for local accounts -> Classic – local users authenticate as themselves
  If already in "Classic": move to "Guest only - ..", run gpupdate /force from an elevated command prompt, move back to "Classic - ..", and again run gpupdate /force from an elevated command prompt.
- This one solved my issue:
  Run "net use" on the target from an elevated command prompt, look at the output chart, and for shares listed in the Remote column there (I only deleted the disconnected ones - you can try them all) run "net use [remote path from before list] /delete". Then run "net use \\target\Admin$ /user:[user name]", enter the password at the prompt (if empty PW just press Enter), voilà, should work.
Good luck, hope this saves someone's time.
Solution 2:
I just solved an identical symptom by creating the registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountTokenFilterPolicy and setting it to 1. More details are available here.
Solution 3:
This helped in my case:
cmdkey.exe /add:<targetname> /user:<username> /pass:<password>
psexec.exe \\<targetname> <remote_command>
Solution 4:
PsExec has whatever access rights its launcher has. It runs under regular Windows access control. This means whoever launched PsExec (be it either you, the scheduler, a service etc.) does not have sufficient rights on the target machine, or the target machine is not configured correctly. The first things to do are:
- Make sure the launcher of PsExec is familiar to the target machine, either via the domain or by having the same user and password defined locally on both machines.
- Use command line arguments to specify a user that is known to the target machine (-u user -p password)
If this did not solve your problem, make sure the target machine meets the minimum requirements, specified here.
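
A read-only check of the settings the answers above change, written as an added example and not taken from any of the answers. Run on the target, it reports LocalAccountTokenFilterPolicy, LimitBlankPasswordUse, the sharing model (stored as the forceguest value under the Lsa key), the firewall profile state and the ADMIN$ share; Get-RegValue and the report columns are names made up for this example.

```powershell
# Added example: read-only report of the settings named in the answers above.
# Run in an elevated PowerShell session on the target machine; it changes nothing.
# Get-RegValue and the output columns are names chosen for this example.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { [int]$item.$Name } else { $null }
}

$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$checks = @(
    @{ Name = 'LocalAccountTokenFilterPolicy'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Meaning = @{ 0 = 'UAC filters remote logons by local admin accounts'
                    1 = 'local admin accounts get a full token over the network' } },
    @{ Name = 'LimitBlankPasswordUse'; Path = $lsa
       Meaning = @{ 0 = 'blank-password accounts may log on over the network'
                    1 = 'blank-password accounts are console-only' } },
    @{ Name = 'forceguest'; Path = $lsa   # "Sharing and security model for local accounts"
       Meaning = @{ 0 = 'Classic - local users authenticate as themselves'
                    1 = 'Guest only - local users authenticate as Guest' } }
)

$report = foreach ($c in $checks) {
    $value = Get-RegValue -Path $c.Path -Name $c.Name
    if ($null -eq $value)                   { $shown = 'not set'; $meaning = 'Windows default applies' }
    elseif ($c.Meaning.ContainsKey($value)) { $shown = $value;    $meaning = $c.Meaning[$value] }
    else                                    { $shown = $value;    $meaning = 'unexpected value' }
    [pscustomobject]@{ Setting = $c.Name; Value = $shown; Meaning = $meaning }
}

# Firewall state per profile (the netsh command in Solution 1 turns all of them off).
$report += Get-NetFirewallProfile | ForEach-Object {
    [pscustomobject]@{ Setting = "Firewall: $($_.Name)"; Value = $_.Enabled; Meaning = '' }
}

# PsExec copies its service binary through the ADMIN$ share, so it must exist.
$share = Get-SmbShare -Name 'ADMIN$' -ErrorAction SilentlyContinue
$report += [pscustomobject]@{ Setting = 'ADMIN$ share'; Value = [bool]$share
                              Meaning = 'used by PsExec to reach the target' }

$report | Format-Table -AutoSize -Wrap
```

Saving the output before and after applying one of the fixes shows exactly which setting changed on the machine.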