Windows 7 psexec one liners


Multiple commands on one line

Simplest way for simple commands

This runs locally: it opens a new shell, echoes a, b and c, then pauses.

psexec -e cmd /c echo a & echo b & echo c & pause

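For more advanced things later on you really need to enclose the commands in parentheses and escape each & as ^&. An unescaped & is consumed by the calling shell, which then runs the remaining commands itself rather than passing them to psexec.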

psexec -e cmd /c (echo a ^& echo b ^& echo c ^& pause)
  • Note, & always runs the next command (^& is an escaped &); && only runs it if the previous command exits OK (escaped, it would be written ^&^& in the above).

Multiple commands split over multiple lines

This will run locally - opens a new shell, echo a b c and pause. (To use remotely add \\hostname and remove the & pause ^ line.)

psexec -e cmd /c (echo a ^
& echo b ^
& echo c ^
& pause ^
)
  • Note, the ^ escapes the end of the line and the next character, so it is the same as the above example (becomes just ^&)

Multiple commands, lines, escapes

Correctly grant Everyone Modify access to a folder on a remote machine with hostname "mymachine", in this case used inside a batch file.

psexec -e \\mymachine cmd /c (^
mkdir c:\localapp\Common ^
& mkdir c:\localdata\Common ^
& c:\temp\icacls.exe c:\localapp\common /grant Everyone:^^(OI^^)^^(CI^^)^^(M^^) ^
& c:\temp\icacls.exe c:\localdata\common /grant Everyone:^^(OI^^)^^(CI^^)^^(M^^) ^
)

Single line FOR loop

Batch FOR loop with psexec. This remotely registers 32-bit .OCX files in 64-bit Windows 7's syswow64 folder for backwards compatibility with old apps.

  • Note escaped brackets
  • Note double percentage %% , not single % (as batch)
psexec -e \\mymachine cmd /c (FOR /F "delims=" %%f IN ^('dir /b c:\windows\syswow64\MSC*.OCX'^) DO ^( c:\windows\syswow64\regsvr32.exe /s "c:\windows\syswow64\%%f" ^))

Run commands after psexec communication terminates

This runs detached (-d, don't wait for the process to terminate) because otherwise communication ends when the firewall is turned off and psexec exits (Win 7 behaviour), which stops the firewall from being restarted.

psexec -e -d \\%h% cmd /c (net stop mpssvc ^& net start mpssvc)


In an IF THEN statement you can use delayed expansion to get around variables with parentheses in them.

(This matters if, say, you reference a path variable with c:\Program Files (x86) in it.)

set a=is () a
if [test] == [test] (
	echo this %a% test
)
a was unexpected at this time.
if [test] == [test] (
	echo this !a! test
)
this is "()" a test

::BUT this doesn't work in psexec because it isn't double escaped? 
psexec -hes \\gl-test cmd /c ( echo this %a% test )
a was unexpected at this time.
psexec -hes \\gl-test cmd /c ( echo this !a! test )
a was unexpected at this time.

::quoting the echo does work though (can then use %a% or !a!)
set a=is "()" a
psexec -hes \\gl-test cmd /c ( echo this %a% test )
this is "()" a test

Installing things under a SYSTEM account, e.g. via SCCM

Sample batch file,

  • Note using "psexec -s" to emulate a SYSTEM account install on local machine, this would be removed on a live one.
@echo off
::Run from UNC share, will need SYSTEM Account access
"%~dp0psexec.exe" -s msiexec /i "%~dp0The Raisers Edge.msi" TRANSFORMS="%~dp0raiser.mst" /q
"%~dp0psexec.exe" -s cmd /c ("%~dp0owc11.exe" /quiet)
"%~dp0psexec.exe" -s cmd /c (^
copy /y "%~dp0Patchpackage.msp" ^%%temp^%% ^
& copy /y "%~dp0BBPatch.exe" ^%%temp^%% ^
& pushd ^%%temp^%% ^
& msiexec /p ^"^%%temp^%%\Patchpackage.msp^" /q ^
)
  • Note
  1. Running from a UNC, %~dp0 will be the path. (Don't use a mapped drive, as the SYSTEM account won't have it mapped.)
  2. A command processor shell (cmd /c) is needed to run non-'core' programs.
  3. The escaped ^%%temp^%% variable is the SYSTEM account's temp folder. (It would be ^%temp^% if running directly on the command line rather than in a batch file.)
  4. The patch needs its files copying to a local location to run (hence the copy and pushd). If not, you will get a "One of the files has an invalid certificate, File: c:\Windows\system32\BBPatch.exe Invalid or no signature" (1602 error).

Remotely add a user to Win7

Sample section from a .bat adding an administrator account to a local machine with password xxxxx and setting it to never expire

psexec -e \\%h% cmd /c (^
net user localadmin1 /delete ^
& net user localadmin1 xxxxx /add ^
& net localgroup Administrators localadmin1 /add ^
& net localgroup Users localadmin1 /delete ^
& wmic useraccount where "Name like '%%localadmin1%%'" SET PasswordExpires=FALSE ^
)
  • Note %%localadmin1%% would be %localadmin1% on command line

Remotely installing Office 2010 language packs

This was quite a fun little challenge. I made a little .bat menu system to pick the Office 2010 language, then it copied and ran it remotely.

1) copy file 2) extract pack 3) create the XML 4) set up the language pack.

main run loop

xcopy /i /c /r /s /y "%~dp0%pack%.exe" "\\%h%\c$\temp\"
psexec -e \\%h% cmd /c (^
 "c:\temp\%pack%.exe" /extract:"c:\temp\%pack%" /quiet /passive ^
& echo ^^^<Configuration Product="OMUI.%lang%"^^^>^^^<Display Level="none" CompletionNotice="no" SuppressModal="yes" AcceptEula="yes" /^^^>^^^</Configuration^^^> ^> "c:\temp\%pack%\Config.xml" ^
& "c:\temp\%pack%\setup.exe" /config "c:\temp\%pack%\Config.xml" ^
)
  • Note, the triple ^'d escapes on an enclosed echo to escape the left and right angle brackets (<>'s) from the xml and single escaped redirect angle bracket.
  • Note the SPACE prefix on the line after the "cmd /c (^" line, i.e. " c:\temp". I don't understand why this was needed, but you get error code 1 if not. If anyone knows, post a comment please!
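The caret counts used on this page (`^^(` in the icacls line, `^^^<` in the XML echo, `^` at end of line) follow from the text being parsed twice: once by the local batch file and once by the remote `cmd /c`. The following is an added illustration, not code from the original page: a simplified Python model of one parsing pass that handles carets and double quotes only, with `cmd_pass`, `layers` and the sample strings constructed for this example. Under this model a caret at end of line also escapes the first character of the next line, so a quote in that position no longer opens a quoted string, while a leading space absorbs the escape.

```python
# Simplified model of one cmd.exe parsing pass: caret escapes and double quotes.
# Assumption: %variable% expansion, redirection and command separation are ignored,
# because they do not change how many carets survive a pass.

def cmd_pass(text: str) -> str:
    """Return text as it looks after cmd.exe has consumed one layer of carets."""
    out = []
    in_quotes = False
    i = 0
    while i < len(text):
        ch = text[i]
        if ch == '"':
            in_quotes = not in_quotes   # a bare quote toggles quoting and is kept
            out.append(ch)
        elif ch == "^" and not in_quotes:
            i += 1                      # drop the caret itself
            if text[i:i + 1] == "\n":
                i += 1                  # caret + newline: line continuation
            if i < len(text):
                out.append(text[i])     # next character is literal, even a quote
        else:
            out.append(ch)              # carets inside quotes are left alone
        i += 1
    return "".join(out)


def layers(text: str, passes: int) -> list:
    """Apply cmd_pass repeatedly: local batch file first, then the remote cmd /c.
    A character still caret-escaped going into the last pass is literal text there;
    one that is already bare is an operator (&, >, parentheses)."""
    results = []
    for _ in range(passes):
        text = cmd_pass(text)
        results.append(text)
    return results


# Constructed inputs modelled on the page's examples.
ICACLS = "icacls.exe c:\\localapp\\common /grant Everyone:^^(OI^^)^^(CI^^)^^(M^^)"
XML_ECHO = 'echo ^^^<Configuration^^^> ^> "c:\\temp\\Config.xml"'
CONTINUED = "cmd /c (echo a ^\n& echo b)"
NO_SPACE = 'cmd /c (^\n"c:\\temp\\pack.exe" /extract:"c:\\temp\\pack" ^& echo done)'
WITH_SPACE = 'cmd /c (^\n "c:\\temp\\pack.exe" /extract:"c:\\temp\\pack" ^& echo done)'

if __name__ == "__main__":
    for sample in (ICACLS, XML_ECHO, CONTINUED, NO_SPACE, WITH_SPACE):
        print(repr(sample), "->", layers(sample, 2))
```

In the NO_SPACE case the first pass leaves `^&` in place because the quote state is inverted, so the remote cmd receives an escaped, literal `&` instead of a command separator.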

DOS OneLiner

Strip a, b or c characters from a string, e.g. to strip 101b to just 101 for a GEQ/LEQ numerical evaluation. Note the white spacing between each command: there is no space before each &, because a space there would become part of the value.

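:: !m! needs delayed expansion (setlocal enabledelayedexpansion in a batch file, or cmd /v:on)
setlocal enabledelayedexpansion
set m=75b
set m=!m:a=!& set m=!m:b=!& set m=!m:c=!
echo %m%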

