Documentation

win_psexec - Runs commands (remotely) as another (privileged) user

New in version 2.3.

Synopsis

  • Run commands (remotely) through the PsExec service
  • Run commands as another (domain) user (with elevated privileges)

Requirements

The below requirements are needed on the host that executes this module.

  • Microsoft PsExec

Parameters

Parameter Choices/Defaults Comments
chdir
Run the command from this (remote) directory.
command
required
The command line to run through PsExec (limited to 260 characters).
elevated
    Choices:
  • no ←
  • yes
Run the command with elevated privileges.
executable Default:
psexec.exe
The location of the PsExec utility (in case it is not located in your PATH).
hostnames
The hostnames to run the command.
If not provided, the command is run locally.
interactive
    Choices:
  • no ←
  • yes
Run the program so that it interacts with the desktop on the remote system.
limited
    Choices:
  • no ←
  • yes
Run the command as limited user (strips the Administrators group and allows only privileges assigned to the Users group).
nobanner
(added in 2.4)
    Choices:
  • no ←
  • yes
Do not display the startup banner and copyright message.
This only works for specific versions of the PsExec binary.
noprofile
    Choices:
  • no ←
  • yes
Run the command without loading the account's profile.
password
The password for the (remote) user to run the command as.
This is mandatory in order authenticate yourself.
priority
    Choices:
  • background
  • low
  • belownormal
  • abovenormal
  • high
  • realtime
Used to run the command at a different priority.
system
    Choices:
  • no ←
  • yes
Run the remote command in the System account.
timeout
The connection timeout in seconds
username
The (remote) user to run the command as.
If not provided, the current user is used.
wait
    Choices:
  • no
  • yes ←
Wait for the application to terminate.
Only use for non-interactive applications.

Notes

Note

Examples

- name: Test the PsExec connection to the local system (target node) with your user
  win_psexec:
    command: whoami.exe

- name: Run regedit.exe locally (on target node) as SYSTEM and interactively
  win_psexec:
    command: regedit.exe
    interactive: yes
    system: yes

- name: Run the setup.exe installer on multiple servers using the Domain Administrator
  win_psexec:
    command: E:\setup.exe /i /IACCEPTEULA
    hostnames:
    - remote_server1
    - remote_server2
    username: DOMAIN\Administrator
    password: some_password
    priority: high

- name: Run PsExec from custom location C:\Program Files\sysinternals\
  win_psexec:
    command: netsh advfirewall set allprofiles state off
    executable: C:\Program Files\sysinternals\psexec.exe
    hostnames: [ remote_server ]
    password: some_password
    priority: low

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
changed
bool
always
Whether or not any changes were made.

Sample:
True
cmd
string
always
The complete command line used by the module, including PsExec call and additional options.

Sample:
psexec.exe -nobanner \\remote_server -u "DOMAIN\Administrator" -p "some_password" -accepteula E:\setup.exe
msg
string
failed
Possible error message on failure

Sample:
The 'password' parameter is a required parameter.
rc
int
always
The return code for the command

stderr
string
always
The error output from the command

Sample:
Error 15 running E:\setup.exe
stdout
string
always
The standard output from the command

Sample:
Success.


Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Author

  • Dag Wieers (@dagwieers)

Hint

If you notice any issues in this documentation you can edit this document to improve it.