I’m sure most of you out there have heard of and used PSEXEC (it’s been around for a while). For those of you who haven’t, check out the entire PSTOOLS suite; it is an extremely powerful set of tools. In short, PSEXEC allows you to execute a command on a remote system. Of course, you must be an administrator on the remote system, but you can also throw a switch at PSEXEC to run as a different user (a service account, for instance). Another extremely useful feature of PSEXEC is the ability to run the same command for a list of systems.
I had a client recently where we needed to add an account to the local administrators on a large number of systems. Sure, there are several ways to do this, but I didn’t want to rely on an old SCCM 2007 infrastructure to get this done, or set up a Group Policy and OU. PSEXEC was the most direct solution, and it is actually really simple. For a breakdown of the switches you can use with PSEXEC, check here.
Once you have downloaded the PSTOOLS, extract all of the executables somewhere easy to access from the command prompt. You’ll have to agree to the EULA on the first run of any of the files.
To start, you need to come up with the command you want to run on each system. To add a computer account to Local Admins of a local system, the command is:
net localgroup administrators /add domain\useraccount
Easy enough. Using PSEXEC, we can run this command for a remote system using the following command:
psexec.exe -s \\targetsystem cmd /c "net localgroup administrators /add domain\useraccount"
Now for the cool part: we can feed PSEXEC a list of systems to run this command on. This could be hundreds or thousands of systems (note that PSEXEC will not multithread, though; each command is run sequentially). To do this, we first need to create the list of systems. A text file with a system name on each line will do:
You might find it easiest just to put this list in the same directory as PSEXEC; that’s what I’m doing in this example. Here’s the command for running a command on a list of remote systems:
psexec.exe -s @systems.txt cmd /c "net localgroup administrators /add domain\useraccount"
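With hundreds of systems run one after another, it is hard to tell from the console which hosts actually took the change. The following PowerShell wrapper is an added example, not part of the original post: it runs the same command one host at a time and keeps a per-host audit record. It assumes psexec.exe and systems.txt sit in the current directory; the account name and the output file names are placeholders.

```powershell
# Added example (not from the original post).
# Assumptions: psexec.exe and systems.txt are in the current directory;
# 'DOMAIN\useraccount' and the output file names below are placeholders.
$account = 'DOMAIN\useraccount'
$remote  = "net localgroup administrators /add $account"

$results = foreach ($computer in Get-Content .\systems.txt) {
    $computer = $computer.Trim()
    if (-not $computer) { continue }          # skip blank lines in the list

    # Same command as in the post, one host per call. PsExec returns the exit
    # code of the remote process, or its own error code if it cannot connect.
    $raw  = & .\psexec.exe -accepteula -s "\\$computer" cmd /c $remote 2>&1
    $code = $LASTEXITCODE
    $text = ($raw | ForEach-Object { "$_" }) -join "`n"

    # 'net localgroup /add' also fails when the account is already a member
    # (system error 1378). Flag that case so it is not retried as a failure.
    $already = $text -match '1378'

    [pscustomobject]@{
        Computer      = $computer
        Time          = (Get-Date).ToString('s')
        ExitCode      = $code
        Added         = ($code -eq 0)
        AlreadyMember = $already
        Output        = $text
    }
}

# Audit trail of the privileged group change: one row per target system.
$results | Export-Csv .\localadmin-results.csv -NoTypeInformation

# Hosts that neither accepted the change nor already had the account;
# this file can be fed back to PsExec as @retry.txt once they are reachable.
$results |
    Where-Object { -not $_.Added -and -not $_.AlreadyMember } |
    Select-Object -ExpandProperty Computer |
    Set-Content .\retry.txt

$results | Group-Object Added, AlreadyMember | Select-Object Name, Count
```

The CSV doubles as a change record: it shows which systems had the account added to local Administrators, when, and which ones still need attention.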
There are quite a few switches available with PSEXEC, so be sure to check out the rest. You can run a command as a different user (-u), copy a file to execute remotely (-f), run a command under the system context (-s), etc. Hopefully you can think of some useful applications for this; I have had several.