http://forum.sysinternals.com/psexec-access-is-denied_topic547_page3.html
http://forum.sysinternals.com/psexec-could-not-start_topic3698.html
http://forum.sysinternals.com/psexec-to-localhost-logon-failure_topic5398.html
The way to install backdoor with domain credential:
1 RDP
2 PSexec.exe
SMB service on 139 or 445
Admin$ share is available.
http://www.windowsecurity.com/articles-tutorials/misc_network_security/PsExec-Nasty-Things-It-Can-Do.html
Install backdoor through psexec.exe