After upgrading to a windows 7 VM at work, I was having trouble getting pstools commands to authenticate on remote machines. After much trial and error, I realized some curious behaviour with psexec. Obviously, when connecting to a remote machine, I would try to use the ‘-u’ switch to specify my administrative account, but would always get ‘access is denied’. Of course, all of the normal things should be checked: simple sharing turned off, $ADMIN share working… you know…

The issue was apparently that if I log into my workstation as a non-administrative user, but try to issue pstools commands as an administrator,  it fails because Microsoft wants me to log into my workstation and work logged with my domain admin account.

Take a look at this example using psexec:
On windows 7, running ‘cmd’ as your non-admin user, if you type in the command:

c:\Program Files (x86)\PsTools>psexec -u domain\domainadmin \\targetmachine cmd

PsExec v1.98 - Execute processes remotely
Copyright (C) 2001-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Password:
Could not start PsExec service on targetmachine:
Access is denied.

If you:

1. Hit start
2. Type “cmd”
3. Hold down ‘shift’ and right-click on the ‘cmd’ in the start menu
4. Select ‘run as different user’.
5. Type in your administrative credentials. Use the same ones you will use in the psexec command.

Now you should have your command line window open. If you run the same command as earlier:

c:\Program Files (x86)\PsTools>psexec -u domain\domainadmin \\targetmachine cmd

PsExec v1.98 - Execute processes remotely
Copyright (C) 2001-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Password:

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.
C:\Windows\system32>

Now you’re in!

I have been struggling with this for quite a while, and ran into a lot of issues with all of the different versions on our network. There are people with 100 line .vbs scripts to do this, and I think this is much simpler:

@echo off
REM
REM
REM    Detects winzip and silently uninstalls
REM    There is a un-stoppable pop-up window. so this will kill
REM    all instances of  IE after the UN-installation.
REM
REM
REM
taskkill /F /IM wzqkpick.exe
wmic product where "name like '%%winzip%%'" call Uninstall
REM
REM This section is for WinZip <12
REM
If Exist "%programfiles(x86)%\Winzip\winzip32.exe" GOTO 64
If Exist "%programfiles%\Winzip\winzip32.exe" "%programfiles%\WinZip\Winzip32.exe" /Uninstallx
taskkill /F /IM iexplore.exe
GOTO :END
:64
"%programfiles(x86)%\WinZip\Winzip32.exe" /Uninstallx
taskkill /F /IM iexplore.exe
:END

For getting rid of WinZip 12, the magic happens in the 'wmic' line. It searches all of the installed product's names for "winzip" and will uninstall anything it finds. This only works for products that use MSI's. If you ran this outside of a batch file, you will have to use a single % percentage sign instead of the %% double percentage sign... Windows scripting sucks, and that's just the way it is. Same thing that happens in "FOR" loops.

I never knew anything about the Windows management instrumentation control (wmic) until now, but I will be sure to exploit it's features.