OWExec is my version of PsExec with one significant difference: when you run a program using owexec, it runs under the user name of the logged-in user rather than your own. This has several advantages. First, it protects your account from the target (end user) you are trying to annoy, in case they are smart enough to use whatever you have run in a nefarious way. Second, it helps cover your tracks if you are popping up annoying things; they can’t just check Task Manager and see who the process belongs to. Finally, there are numerous good uses for this as a system administrator or computer programmer, like opening a process on an end user’s computer that needs their permissions.
Anyway, on to the usage. This is not nearly as fleshed out as PsExec for an obvious reason (I wrote it last night), but here is the syntax.
USAGE
owexec v-1.1 USAGE
owexec -c computername -k command [ -p parameters ] [ -u domain\user ] [ -copy ] [ -nowait ]
    -c       the computer host name or ip of the target computer
    -k       the command to be run, relative to the destination
             computer. ex: c:\windows\system32\notepad.exe
    -p       the parameters to pass to the program, optional
    -u       the user whose context the program should be run in
             if ommitted the first user that is found will be used
    -copy    finds the command referenced with -k on the local
             machine and copies it to the comptuer referenced in
             -c on the admin$ share then runs it from there
    -nowait  does not ask to press a key when the program finishes
download the current version at officewarfare.net
The -u (user) and -p (parameter) fields can be left off, but the computer and command parameters are required. If you leave -p off, no parameters are passed to the command you choose, and if you leave -u off, it will use the first logged-on user it can find. Users must be given in domain\user format to match; it is often easier to leave this off unless multiple users are logged on.
Last but not least, this requires .NET 2.0 on both the source and destination computers because I am lazy. It also uses WMI to get the programs running.
Change Log
–Update 10/5/2009: Fixed a problem people have been encountering when passing multiple parameters
–Updated 04/04/2009 : added -copy and -nowait flags.
Download
Archive
Tips
User Jo came up with this tip for getting net use data off of a remote computer. This batch file and method could be modified and used to get other interesting and useful information. Thanks Jo.
————– create FindNetUse.bat file ————-
@echo off
REM get net use
net use > c:\%USERNAME%-%COMPUTERNAME%-NetUse.txt
copy c:\%USERNAME%-%COMPUTERNAME%-NetUse.txt j:\share\
del c:\%USERNAME%-%COMPUTERNAME%-NetUse.txt
———————————————
run the owexec command with -copy parameter:
owexec -nowait -k "NetUseRemoteBatch.bat" -copy -c "PC123"
34 Comments so far
I’m not sure if I have encountered an issue or not. I have tried using owexec as you show it for launching the arrangebyimage.exe on a remote PC. It doesn’t seem to send the arguments properly. I’ve run the following command
c:\owexec.exe -c *targetcomputer* -k c:\arrangebyimage.exe -p "-bmp c:\background.bmp -silent" -nowait
If I change the arguments around it only seems to get the first argument no matter what. I took the source code for the arrangebyitem and put in some message boxes to display the arguments as the program starts and when it starts the only argument is -bmp or whatever argument I send first. I executed the program remotely using psexec and the arguments work as do they when I run the app locally on the machine using:
c:\owexec.exe -bmp c:\background.bmp -silent
I’ve copied the application and image file to the remote PC first. I could be doing something wrong, if so please let me know. I also wrote a small app that just gives me the arguments it was started with. I launched it remotely with owexec with multiple arguments and could only ever get 1 argument to pass correctly.
Thanks
Joshua,
Thanks for the info and sorry for the long response time. I believe the problem with passing parameters has been fixed in this new version; give it a try and let me know.
Hi,
There is no password option; how can I use this tool to execute a program on a different system (domain)?
@prakash
If you want to authenticate as a different user I recommend the “runas” command that is built into Windows. However, for most things this tool is useful for you don’t need that, since the most useful thing about this tool is that it will run a program as someone else without their password; you just have to have admin rights on the box they are logged into.
How do I use this owexec to add my username into admin rights on a remote computer
ex:
A( domain account ) –comp1 admin
B ( domain account )–comp2 admin
I want A to be administrator of comp2 ..how do I use owexec
whenever I execute owexec I get this
installing service remotely
Admin$ Share Not Shared: Not Found
Press any key to close
though admin$ is shared still I get firewall is OFF..
Hi prakash,
Thank you for your work on this program.
Using it, I am attempting to remotely read the %logonserver% variable on machines in our network.
In testing, I am just using a basic “ipconfig” command until I have the basics of the program down, but basically I am just looking to execute remote commands (in the current user’s account) and see the results of the command. I am having trouble seeing the results.
On two side-by-side computers, I have tried:
owexec -c -k ipconfig
I can see the command window pop up on the target machine and momentarily display the info on the target machine, but it never displays information on my pc.
owexec -c -k ipconfig -p " > c:\owtest.txt"
The window pops up on the target machine and remains blank, but it never creates the file on the target machine.
owexec -c ilc184 -k echovar.bat -copy
where “echo.bat” contains a single command such as “echo %logonserver% > C:\owtest.txt”
and I see the window pop up on the target machine, but it still doesn’t create a file.
Is there a way to accomplish this?
Thanks,
Keith
PS.
Is there a way to keep it from popping up a window on the target machine?
thanks again
Keith
Keith,
If I execute a command like so
owexec -c "testcomp" -k "echo.bat" -copy
where echo.bat contains
ipconfig > c:\test.txt
it creates a file on the c drive called test.txt that contains the output of ipconfig. I also just tried it with echo %logonserver% etc. in the bat file and it worked. I would make sure that the bat file and owexec are in the same folder on the local machine, then try again. Also, it is unlikely related, but you said the file was echo.bat but then your command is echovar.bat.
For your second question, about the window popping up, there isn’t an option at the moment but I will look at adding one.
Hi Josh,
Thanks for getting back so quick! Wow, thats impressive!
here is a shot of the exact command I tried and the results:
C:\>owexec -c "ilc184" -k "echovar.bat" -copy
installing service remotely
Error installing the service
Press any key to close
I also tried “ilc184.(name).com” and “(ipaddress)”
echovar.bat contains only 1 active line (besides “@echo off”):
echo %logonserver% > c:\logonserver.txt
yet when I go back to the straightforward “owexec -c ilc184 -k ipconfig” it’s fine
here are some other attempts I made:
***********
**
**C:\>owexec -c "ilc184" -k "echo.bat" -copy
**installing service remotely
**Ping Failed
**Admin$ Share Not Shared: Not Found
**Press any key to close
**
**C:\>owexec -c "ilc184.(name).com" -k "echo.bat" -copy
**installing service remotely
**Ping Failed
**Admin$ Share Not Shared: Not Found
**Press any key to close
**
**
**C:\>owexec -c "(ipaddress)" -k "echo.bat" -copy
**installing service remotely
**Ping Failed
**Admin$ Share Not Shared: Not Found
**Press any key to close
**
**C:\>owexec -c ilc184 -k "echo.bat" -copy
**installing service remotely
**Error installing the service
**Press any key to close
**************
any ideas?
Thanks,
Keith
Keith,
That is strange, it is acting like you don’t have admin privileges to the remote computer, or that you can’t talk to it over the network. Can you type in \\ilc184\admin$ and see the admin$ share on that computer?
Yes,
I also discovered that removing the -copy eliminates the errors. However even though I copied echovar.bat to \\ilc184\c$, and the command ran clean, it didn’t produce a file
thanks again,
me
And presumably if you run the batch file on the machine locally (on ilc184) it does create the file so we know that the batch file is written correctly.
quite true…
I even tried logging in to both machines using the same domain account….
thx,
me
for grins I tried executing it with psexec and it ran and created a file – just not with any worthwhile information…
thx again
me
I have found a very ugly way to get the job done.
owexec -c ilc184 -k regedit -p "/e c:\logonserver2.txt hkey_current_user"
and then pipe the results through findstr
but it creates a 32mB file and it’s ugly all around. I couldn’t get
owexec -c ilc184 -k regedit -p "/e c:\logonserver2.txt hkey_current_user\Volatile Environment"
to work because of the space in “Volatile Environment”
Thx,
keith
Keith,
I am going to look into a way to add piping directly into the command switches, maybe we can handle this more beautifully. I will look into it tonight and get back to you in the morning.
Thanks, You da man, as Fred from scooby do would say….
Keith
I like your software, Josh!
Really handy…just small correction, for version 1.2, I think you forgot to update the help text from “owexec v-1.1 USAGE” to “owexec v-1.2 USAGE”
Also, similar issue with Keith,
I’ve been trying to check net use of remote PC, by using the following command:
owexec.exe -c REMOTEPC1 -nowait -k "c:\windows\system32\net use > c:\aa.txt"
The screen pops up on REMOTEPC1, but then it has an error:
“System error 67 has occured. The network name cannot be found.”
But when I run the following command:
owexec.exe -c REMOTEPC1 -nowait -k "c:\windows\system32\net use"
The screen pops up and shows the correct share list on REMOTEPC1
==============================================
In contrast, if I run the following command:
owexec.exe -c REMOTEPC1 -nowait -k "c:\windows\system32\notepad 1.txt"
RemotePC1 opens up and asks to create new file 1.txt
Do you think it has something to do with net use command?
Thanks
Jo,
Thanks for the typo tip, I will fix that next version.
As I understand it from the research I have been doing, the problem with using > is that it isn’t actually passed as a parameter to the command when you type that into a command window; it is actually parsed by cmd.exe. But when I create the process on the remote machine I am not invoking cmd.exe to execute it, I am using WMI’s Win32_Process.Create, which takes an executable and a string for parameters. I am still looking into a way to just support this but I have been having a bit of trouble figuring it out.
However, as I sat here typing this out, it dawned on me you could do this
owexec -c "computer" -k "cmd.exe" -p "/c ipconfig > c:\test.txt"
Because then you are letting cmd handle piping.
Josh
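The point made in the reply above, as an added example that is not part of the original post or of the owexec source: `>` is syntax for the command interpreter, so a process created directly from an executable and an argument string receives it as a literal argument. Python's `subprocess` stands in for the remote process creation here, and the argument-echo child and file names are constructed for the demonstration.

```python
import json
import os
import subprocess
import sys
import tempfile

# Constructed child program: prints the arguments it was started with as JSON.
ECHO_ARGS = "import sys, json; print(json.dumps(sys.argv[1:]))"


def run_direct(out_path):
    """Create the process directly from an executable plus arguments.

    No command interpreter is involved, so '>' and the path reach the
    child as ordinary arguments and no file is written.
    """
    proc = subprocess.run(
        [sys.executable, "-c", ECHO_ARGS, "hello", ">", out_path],
        capture_output=True, text=True, check=True,
    )
    return json.loads(proc.stdout), os.path.exists(out_path)


def run_via_shell(out_path):
    """Hand the whole line to the interpreter (cmd.exe /c on Windows,
    /bin/sh -c elsewhere), which strips the redirect and opens the file."""
    line = f'"{sys.executable}" -c "{ECHO_ARGS}" hello > "{out_path}"'
    subprocess.run(line, shell=True, check=True)
    with open(out_path) as fh:
        return json.loads(fh.read()), os.path.exists(out_path)


def demo():
    """Run both variants in a scratch directory and return their results."""
    with tempfile.TemporaryDirectory() as tmp:
        direct = run_direct(os.path.join(tmp, "direct.txt"))
        shelled = run_via_shell(os.path.join(tmp, "shell.txt"))
    return direct, shelled


if __name__ == "__main__":
    (d_args, d_file), (s_args, s_file) = demo()
    print("direct:", d_args, "file created:", d_file)
    print("shell: ", s_args, "file created:", s_file)
```
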
That Works!!
Thanks
Keith
This is great, thanks for the updates, Josh!
I’ve been able to create batch to get every PC’s ‘net use’:
——————————————————
REM FindNetUse.bat
REM ==============
@echo off
owexec -nowait -k "cmd.exe" -p "/c net use > c:\%USERNAME%-%COMPUTERNAME%-NetUse.txt" -c "%1"
owexec -nowait -k "cmd.exe" -p "/c copy c:\%USERNAME%-%COMPUTERNAME%-NetUse.txt j:\share\*" -c "%1"
owexec -nowait -k "cmd.exe" -p "/c del c:\%USERNAME%-%COMPUTERNAME%-NetUse.txt" -c "%1"
——————————————————
To run:
1. FindNetUse.bat PC123
2. it’ll run ‘net use’ on the remote PC (PC123)
3. save the result to remote PC under c:\ using filename: -PC123-NetUse.txt
4. move the result to “j:\share\” folder
5. delete the result from c:\ remote PC
Oh no, apparently, running the above batch script from computer A (user 1 login) to remote computer B (user 2 login) will produce the following file:
“user1-computerA-NetUse.txt”
instead of “user2-computerB-NetUse.txt”
I think I need to do more research
Douch, silly me, this is what I need to do:
————– create FindNetUse.bat file ————-
@echo off
REM get net use
net use > c:\%USERNAME%-%COMPUTERNAME%-NetUse.txt
copy c:\%USERNAME%-%COMPUTERNAME%-NetUse.txt j:\share\
del c:\%USERNAME%-%COMPUTERNAME%-NetUse.txt
———————————————
run the owexec command with -copy parameter:
owexec -nowait -k "NetUseRemoteBatch.bat" -copy -c "PC123"
Sorry for spamming your site, Josh, you can delete my 2 previous comments if you want
Jo,
No worries on the comments, I am just glad you are getting use out of the tool.
Hi, I work for a school. One of the teachers asked me if it was possible to create an “internet switch” that would turn off/on the Internet in the lab, so that students would not be able to browse when the teacher was talking… So I wrote two vbs scripts. One called enableproxy.vbs and one called disableproxy.vbs. The disable script also kills iexplore first. Those scripts work fine.
Now, I thought owexec would be great to trigger the vbscript from the teacher’s machine. It works fine when I trigger batch files, but has an issue triggering vbscripts. Is that possible?
I also tried sending a bat file to the student workstation using owexec that called my remote vb script. I call the vbscript from the bat, like this:
cscript c:\disableproxy.vbs
Also, if I run the vbscript while logged on to the student workstation, as a student, everything works fine. The problem is that I can’t seem to get owexec to run my vbscript. Any ideas?
Also, can owexec take multiple computer names as targets?
I hope that makes sense, and look forward to hearing from you. Thanks for creating this utility. -Dave
dave: I can’t try at the moment but I will later. But try putting cscript in as the command and the vbscript as the parameter. And at the moment you can’t do more than one computer, but you’re not the first to request it so I will look into adding it.
dave: I just tested this using a command like so
owexec -c computername -k "cscript" -p "c:\test.vbs"
Make sure that the vbs is located on all of the computers. Also, I was thinking about it and I have an old tool I wrote that will execute a command on a batch of computers. I will double check and make sure it is functioning at least a little and upload it along with some instructions.
edit: I uploaded that program for doing batch executes.
Hey Josh, well it works perfectly now. Thanks so much for answering this thread so fast. The teacher is really happy that they can disable Internet Explorer so easily. I didn’t get around to trying LBU as I just added an owexec command for each computer in the batch file. It does one machine at a time, which is fine. It’s like a wave of user frustration going through the lab. haha, I’m sure I’ll find another use for owexec again in the future. It’s very useful.. Thanks again. Hmm, maybe I should start harassing my co-workers with this thing..:)
Hi Josh,
Any chance you’d be willing to share the source for this? I’d like to incorporate your method of running as the user into a remote screenshot app I’m working on… running it using psexec will only generate empty bitmaps due to not being able to access the user’s session.
Thanks
I noticed that this program leaves the copied file on the computer after it has been run. Is it possible to have owexec delete the file?
Adam,
Good question, I will look into it. Sorry it took so long to reply, I didn’t get a notification of your comment. I will check it out and upload an update if I can make it work.
Is there any possibility of the source being released? I’m extremely curious as to how you are able to access the user’s session with only the administrator password. Thanks
I just have to say..
THAAAAAAAAAAAAAANKKKKS!!! THIS SOLVE MY LIFE!!!
it was a nightmare for me to apply some changes to logged users!
apply changes made on printers on the fly for example!
incredible work…
can I suggest to you to add a donative banner?
thousands thanks!