Wednesday, April 25, 2012

Use PSExec to Remotely Audit machines

This may be less applicable to some than most of my posts but I was able to pull this off today on short notice and thought it deserved sharing. I was requested to audit an entire departments Windows computers with the assumption that we would need to run the Audit executable manually on every users machine. This seemed like a good opportunity to script something.

I settled on Sysinternals PSExec tool for a quick and dirty solution.

You can find the full syntax and download for PSExec here.

So, to audit a full list of computers:

psexec -i -a 1 @c:\pclist.txt -u domain\username -p password -w \\server\audit\pc \\server\audit\pc\audit.exe

Your list of computers should be their computer name (as it appears in Active Directory) with each computer separated by a carriage return.

Just use a notepad document with the computer names on separate lines. For Example,


You also must be sure that the credentials you are using have local administrative privileged on the machine.

To just audit an individual computer:

psexec -i -a 1 \\computername -u domain\username -p password -w \\server\audit\pc \\server\audit\pc\audit.exe

And that's it. Far easier than traveling to every computer to run the tool.