7

When I run the following command from an Administrative Command Prompt:

psexec64 -i -u "nt authority\network service" C:\Windows\System32\cmd.exe

I'm getting these error messages:

Couldn't install PSEXESVC service:
The operation completed successfully.
Error establishing communication with PsExec service on MYPC:
The operation completed successfully.

I'm running this on Windows 7 x64 SP1. The PSEXESVC service is installed and running. I get the same results when using the 32-bit version of psexec.

Any ideas how to fix this problem?

I say Reinstate Monica
  • 25,487
  • 19
  • 95
  • 131
user626528
  • 918
  • 6
  • 19
  • 40
  • Can you get by without using the `-i` switch, if that makes a difference? – I say Reinstate Monica Jan 05 '18 at 19:49
  • I just ran your command example and it worked. It took a really long time to connect to my local machine. Maybe your user account doesn't have the correct permissions. It's possible that security software is stopping this questionable behavior from completing. – HackSlash Jan 05 '18 at 20:01
  • Also, it installed the service, ran, and then deleted the service when it was done. Maybe you can't have two services running at the same time. – HackSlash Jan 05 '18 at 20:02
  • If you want to become System, use the `-s` parameter. – harrymc Jan 05 '18 at 20:34
  • @Twisty Impersonator, no. – user626528 Jan 05 '18 at 21:04
  • 1
    @HackSlash, it's an Administrator account. Antivirus is disabled. The same errors. – user626528 Jan 05 '18 at 21:04
  • @harrymc, the same error. – user626528 Jan 05 '18 at 21:07
  • Reboot in safe mode and try again. – HackSlash Jan 05 '18 at 22:04
  • @HackSlash, no success. – user626528 Jan 05 '18 at 23:01
  • How about including the `-h` switch/parameter? Read over https://docs.microsoft.com/en-us/sysinternals/downloads/psexec but it states for `-h` "*If the target system is Vista or higher, has the process run with the account's elevated token, if available*" give that a simple shot if you've not already. – Vomit IT - Chunky Mess Style Jan 06 '18 at 00:48
  • @IT Snuggles, I want to run it with lowered rights, rather than elevated. – user626528 Jan 06 '18 at 04:05
  • Okay then simply try running the `psexec64 -i -u "nt authority\network service" C:\Windows\System32\cmd.exe` from a right-click run as administrator elevated command prompt and see if that does what you expect. You might simply need to run the psexec command initially elevated somehow whether that be from an elevated command prompt first, a saved credential with elevated permissions, elevated right click run as administrator batch script or perhaps a saved shortcut with applicable settings set to have privilege level set to Run this program as administrator, etc. – Vomit IT - Chunky Mess Style Jan 06 '18 at 06:18
  • So while the initial psexec command may need to run elevated the subsequent and correlated command prompt window or whatever will only be allowed to run commands as the `-u` switch credential and only be able to perform commands or whatever which it has permissions and in this case that's the `nt authority\network service` account. – Vomit IT - Chunky Mess Style Jan 06 '18 at 06:22
  • @IT Snuggles, that's how it was already done, see the question description. – user626528 Jan 06 '18 at 16:30
  • @IT Snuggles, the `-h' key didn't change nothing. – user626528 Jan 06 '18 at 16:32
  • 1
    Look over this post and see if you see anything helpful or related in it then: https://stackoverflow.com/questions/31683374/psexec-fails-to-run-locally-error-establishing-communication-with-psexec-servic. I'm not able to reproduce this error you get up top but that post seems to have some detail related to the issue I suppose. – Vomit IT - Chunky Mess Style Jan 06 '18 at 16:37
  • Must be something wrong with my Windows installation. The error messages aren't much useful, though. – user626528 Jan 08 '18 at 22:45
  • @IT Snuggles, no success with sfc. – user626528 Jan 12 '18 at 16:14
  • Try the solutions from the answers people provided and provide some feedback on those. Seems to be a permission related issue so look in Event Viewer from the machine it is failing to run against. Also per that other post I left in a comment, ensure the dynamically created exe which the service process points to is not duplicated, trying to be created in a dir which you have no access, etc. on the Windows install. I'm simply just not able to recreate this issue to get the exact same errors as your question lists so I'm not sure other than that post link I provided at this point. – Vomit IT - Chunky Mess Style Jan 12 '18 at 16:24

3 Answers3

1

As a workaround, try omitting the -i (interactive) switch, making the new syntax:

psexec64 -u "nt authority\network service" C:\Windows\System32\cmd.exe

According to PSExec's help for this switch:

Run the program so that it interacts with the desktop of the specified session on the remote system. If no session is specified the process runs in the console session.

With the -i switch you would normally get the new Command Prompt in a separate window. Without it, a separate window won't appear, but you'll still get connected to the new CMD.EXE process running in the context of the NT Authority\Network Service user account. You can verify this by running WHOAMI at the prompt.

I say Reinstate Monica
  • 25,487
  • 19
  • 95
  • 131
0

First I would try to run a local elevation with:

Does that work for you?

"c:\your_path\psexec.exe" -i -s cmd.exe OR "c:\your_path\psexec64.exe" -i -s cmd.exe

You should get something like:

C:\Windows\system32>whoami /user

USER INFORMATION
----------------

User Name           SID
=================== ========
nt authority\system S-1-5-XX

I have tried it on my computer which is in domain:

C:\app\tools\Sysinternals Suite>psexec -i -u "nt authority\network service" C:\Windows\System32\cmd.exe

PsExec v2.2 - Execute processes remotely
Copyright (C) 2001-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

Couldn't install PSEXESVC service:
The network name cannot be found.

Make sure that the admin$ share is enabled.

C:\Windows\System32\cmd.exe exited on XXXX with error code -1073741510.

Producing:

Microsoft Windows [Version 6.1.7601] Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>whoami /user

USER INFORMATION
----------------

User Name                    SID
============================ ========
nt authority\network service S-1-5-XX

My guess based on this is that the message Couldn't install PSEXESVC service: is connected to your network name.

Does it work for you if you try it this way?

"\\computer.domain.com\C:\app\tools\Sysinternals Suite\psexec.exe" \\computer.domain.com -u "domain\username" -p "passwd" -e -s cmd.exe

tukan
  • 1,752
  • 12
  • 19
0

On my up-to-date 64bits French W10 , what works is networkservice without space :

psexec -i -u "nt authority\networkservice" cmd.exe

I hope i may help some of you.

user1191392
  • 1