How to use psexec without admin privileges on target machine?

Solution 1:

As found at: https://stackoverflow.com/questions/534426/psexec-help-needed

You need to have admin rights on the target as part of psexec starts up a windows service on the target, and you need admin rights to be able to do that.

psexec copies a psexecsvc file to the admin share and then using remote management starts up a service using that file. It opens up named pipes and uses that for further communication. When it's finished it tidies up after itself.

Although I can't find OFFICIAL documentation that says the same thing.

Solution 2:

Ask to be local admin on the machine.

Edit: Or run the command as a scheduled task. Or use the -l switch in PsExec:Run process as limited user (strips the Administrators group and allows only privileges assigned to the Users group). On Windows Vista the process runs with Low Integrity. See here:http://technet.microsoft.com/en-us/sysinternals/bb897553. Sorry to say but RTFM!

For example: To run Internet Explorer as with limited-user privileges use this command:

psexec -l -d "c:\program files\internet explorer\iexplore.exe"

Note that the password is transmitted in clear text to the remote system.