psexec – access denied when connecting to network share – work around

psexec is a utility for remotely executing files on a networked computer. there is a limitation with it however, whereas you can not launch an executable located on a network share. you will note the same behavior if you connect to a telnet session, and try to connect to a network share, no matter which user rights the user you connected to has on the domain.

Here is an example whereas i wanted to force a logon script i set up in group policy to perform some disk maintenance:

U:\>psexec \\andys-pc "\\server\SYSVOL\domain.com\scripts\schedule_defrags.bat"

PsExec v1.94 - Execute processes remotely
Copyright (C) 2001-2008 Mark Russinovich
Sysinternals - www.sysinternals.com

Starting \\server\SYSVOL\domain.com\scripts\schedule_defrags.bat on andys-pc

Access is denied.
\\server\SYSVOL\domain.com\scripts\schedule_defrags.bat exited on andys with error pre 1.

a very simple workaround is to eliminate the psexec with the old school command “at” to schedule the task a minute or two ahead of the current time:

U:\>at \\ANDYS 11:20 \\server\SYSVOL\domain.com\scripts\schedule_defrags.bat
Added a new job with job ID = 1

or if you are like me, and want to force the entire domain to run an executable from a network location, for example, a logon script:

U:\>for /f %n in ('net view ^| find "\\" ^| gawk "{print $1}' ^| grep -i -v -e "server1" -e "server2" -e "server3" ') do at %n 11:30 \\server\SYSVOL\domain.com\scripts\schedule_defrags.bat 

note: i used gawk and grep in there, because i love linux utils ported to windows. you can achieve similar results by using a series of

 ^| find /v "server1" 

for excluding the systems you want, but i do not know of a replacement for the gawk portion of that statement.
however, this should output:

U:\>at \\ANDYS 11:30 "\\server\SYSVOL\domain.com.com\scripts\schedule_defrags.bat"
Added a new job with job ID = 1

U:\>at \\APP-SRV 11:30 "\\server\SYSVOL\domain.com.com\scripts\schedule_defrags.bat"
Added a new job with job ID = 1

U:\>at \\BEPPEL 11:30 "\\server\SYSVOL\domain.com.com\scripts\schedule_defrags.bat"
Added a new job with job ID = 1

U:\>at \\CHRISG 11:30 "\\server\SYSVOL\domain.com.com\scripts\schedule_defrags.bat"
Added a new job with job ID = 1

and so forth, for each computer in the domain…

your welcome.

Did you like this? Share it:
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *