PsLoggedOn lists accounts that are logged on, either locally on the machine or connected remotely. It’s pretty simple, and mostly useful in a system administration environment.
PsLogList displays a local or remote event log on the command line, and there are a number of options that can be used for filtering the data.
psloglist \\computer System
There are also the -h, -d, and -m options, which let you narrow down the list of events to just the last x hours, days, or minutes. The -n option limits the output to x records, while the -r switch reverses the order so the latest records will be at the bottom of the output. The last argument, which we set to “System” in this example, is not actually necessary: if you omit it, the System log will always be pulled, but you could change it to Application or Security to pull those logs instead.
It’s worth noting that if you have administrator access to the other computer, you can simply open Event Viewer and choose Connect from the Action menu. Enter the computer name in the list, change the credentials if you need to, and access the event logs that way.
The only scenario where we can see PsLogList being really useful is if you want to script an action that runs when certain messages appear in the event log.
PsPasswd allows you to change the passwords for users, both local and remote. The syntax is the same as everything else:
pspasswd \\computer -u User -p Password <AccountToChange> <NewPassword>
The benefit to this utility over just using NET USER from the regular command prompt is that you can change passwords for multiple computers at once, and it works in a domain environment as well.
PsPing pings, checks ports, and does latency and bandwidth testing. Pretty simple.
Or you can check connectivity to a port by adding the port number like this:
There are a ton of advanced options to this command that you will probably want to check out should you need to do some network troubleshooting.
PsService allows you to deal with Windows Services from the command prompt. It’s really quite easy to use; the syntax works like this:
psservice \\computername <command> <arguments>
The full list of commands is shown in the /? help output, but there are a few that you’ll find yourself using more than the rest.
- query – Queries the status of a service
- config – Queries the configuration
- setconfig – Sets the configuration
- start – Starts a service
- stop – Stops a service
- restart – Stops and then restarts a service
- pause – Pauses a service
- cont – Continues a paused service
- depend – Enumerates the services that depend on the one specified
- find – Searches for an instance of a service on the network
- security – Reports the security permissions assigned to a service
In particular, the start | stop | pause | restart | cont options are really simple and easy to understand. For instance, in the following command you could replace “start” with any of those other commands.
psservice \\computername start <servicename>
The other options can be used to query more information about a service, or change the configuration.
Note: the built-in sc.exe utility has a ton of useful features that overlap with this utility. The main difference is that PsService is a little more user-friendly.
PsShutdown allows you to shut down, log off, or even put a computer into sleep mode. The problem is that it isn’t better than the built-in shutdown.exe utility, and was actually designed for Windows XP, so it’s recommended to use the built-in utility instead in most cases.
The one option that PsShutdown provides that you can’t get otherwise is the switch (-d) to put the computer into sleep mode, which can be handy.
psshutdown \\computername -d
You can also use the -h option to put the computer into hibernate mode instead.
PsSuspend is very similar to PsKill, but it does something that the built-in Taskkill utility just can’t: you can suspend processes rather than kill them, which can be very handy if you want to temporarily stop a CPU-intensive process from running while you complete a sysadmin task.
Suspending a process is extremely easy:
pssuspend \\computer <PID or Name>
And resuming that process is just as easy: all you have to do is add the -r switch.
pssuspend \\computer -r <PID or Name>
When the Utilities Won’t Connect Because of Remote Registry
Some of these utilities, including PsInfo, PsList, PsLogList, and PsLoggedOn, require the Remote Registry service to be running on the remote computer, and it isn’t enabled by default on modern versions of Windows.
The good news is that this problem is easily fixable, and you don’t have to leave Remote Registry enabled. Just run this command using PsService to start the service:
psservice \\computername start RemoteRegistry
And then when you are done with whatever you are doing with PsInfo or PsList, you can stop the service again using this command:
psservice \\computername stop RemoteRegistry
Simple solutions are the best, aren’t they?
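The two ideas above, scripting an action on certain event log messages with PsLogList and starting Remote Registry only for as long as it is needed, combine into one script. This is an added example, not code from the original article; the search pattern, the warning used as the "action", and the assumed format of the PsService STATE line are illustrative assumptions.

```powershell
# Added example, not from the original article.
# Assumes psservice.exe and psloglist.exe are on PATH and you are an admin on the target.
param(
    [Parameter(Mandatory)] [string] $Computer,   # target host name, without the leading \\
    [string] $Pattern = 'unexpected shutdown',   # constructed sample text to look for
    [int]    $Hours   = 1                        # how far back to search (psloglist -h)
)

function Test-ServiceRunning {
    param([string] $Target, [string] $Service)
    # Assumption: "psservice query" prints a line like "STATE : 4  RUNNING".
    $out = & psservice "\\$Target" query $Service 2>$null
    return [bool]($out | Select-String -Pattern 'STATE\s*:\s*\d+\s+RUNNING')
}

$startedByUs = $false
try {
    if (-not (Test-ServiceRunning -Target $Computer -Service 'RemoteRegistry')) {
        # It was not running before, so remember to stop it again whatever happens next.
        $startedByUs = $true
        & psservice "\\$Computer" start RemoteRegistry 2>$null | Out-Null
    }

    # -h limits the output to the last N hours; -s prints one delimited record per line,
    # which makes plain text matching reliable.
    $records = & psloglist "\\$Computer" -h $Hours -s System 2>$null
    $hits = @($records | Select-String -Pattern $Pattern -SimpleMatch)

    if ($hits.Count -gt 0) {
        # Placeholder action: replace with a ticket, e-mail or remediation step.
        $hits | ForEach-Object { Write-Warning "$Computer : $($_.Line)" }
    }
    else {
        Write-Output "No matching System events on $Computer in the last $Hours hour(s)."
    }
}
finally {
    # Restore the original exposure: only stop the service if this script started it.
    if ($startedByUs) {
        & psservice "\\$Computer" stop RemoteRegistry 2>$null | Out-Null
    }
}
```

Because the stop call sits in the finally block, Remote Registry is returned to its stopped state even if the log query fails partway through.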
Make sure to join us tomorrow, when we cover file and disk utilities, and some more interesting things.