Product Documentation

Installing PsTools from Microsoft for Multi-Tenant Console

Jul 08, 2013

The XenMobile Multi-Tenant Console is designed to run in a distributed server environment. If the Tomcat server you want to manage is a remote one and not located on the same physical server as Multi-Tenant Console, however, you must install PsTools utilities on the server.

PsTools is a set of command-line utilities that enable you to manage local and remote systems. All of the utilities in the PsTools suite work on Windows NT, Windows 2000, Windows XP, Windows 7, and Windows 8. Multi-Tenant Console uses two tools included in the PsTools suite:

  • PsExec to execute processes remotely
  • PsService to view and control services

You download and install the preceding tools from Microsoft Technet. When you finish installing the files, you can verify the commands and accept the terms and conditions of use by entering the following commands on the command-line console:

psexec \\127.0.0.1 cmd

psservice \\127.0.0.1 query

Note: If you are running Windows Vista, you should run the command-line console as an administrator.

In the case of a domain user accounts, such as an Active Directory user account, on Windows XP or Vista, it is recommended that you do the following:

  • Add both machines to the same domain
  • Add a domain user as local Administrator to the target-machine.
  • Use this domain user account for connecting with PsExec
  • If your local machine is a Windows Vista machine, run the command prompt for executing PsExec or PsService as administrator (right-click > Run as administrator), otherwise connection may fail (error 5, access denied).
  • Use "domain\user" syntax for authentication on command-line, for example: psexec.exe \\target-machine -u domain\user -p password -s cmd

In the case of a local user accounts, such as a Security Account Manager user account, on Windows Vista, verify the minimum requirements posted in this Microsoft forum. You have to change a UAC flag in the registry that allows you to toggle this behavior for local accounts: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountTokenFilterPolicy

  • 0 - build filtered token (Remote UAC enabled)
  • 1 - build elevated token (Remote UAC disabled)
If you set the DWORD entry to 1, you will be able to remotely connect to Vista with a local admin account from XP or Vista machine since the remote login is not filtered. It is recommended to reboot the machine to take account the modification of UAC flag.
Important: On the remote machine, it is very important that the RPC port (135) has the status "LISTENING" to remotely execute processes. Type "psexec \\hostname –u username –p password cmd" to check the remote connection.