The other day, I wanted to send my husband a message and have it appear on his computer screen. . .
Thinking along the same lines, I speculated that the same alterations that enabled me to send messages to another computer would also allow me to instruct another computer to Shut Down (or Re-Start.)
The command to Shut Down \\Kodiak, the laptop on the corner of my desk, would be . . .
ShutDown.EXE /m \\Kodiak /t 000 /s /f
Nothing fancy here, just /t to wait zero seconds, /s to Shut Down, an /f to forge ahead no matter who or what else is going on at \\Kodiak.
Not surprisingly, after an uncomfortably long wait, I was greeted by an error message: "Access Denied (5)"
Oh Great! Now what?
After some research, I discovered that in order for a remote ShutDown to work, \\Kodiak needed to have LocalAccountTokenFilterPolicy enabled. To do this, I'd need to make changes in \\Kodiak's registry.
Here's the command I used.
REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
Note: I prefer to use either .REG files or a command to alter the Registry. Either method leaves a "trail" of what's been done. If I make a mistake, it's far easier to rectify because I can alter the command I used to reverse the (wrong) changes. The Registry Editor, RegEdit, makes changes instantly and without any Un-Do options, making disasters all too likely and painful.
Now that the necessary alterations have been competed on \\Kodiak, I (confidently) executed the same command. And enjoyed the same result: "Access Denied (5)!"
Ok, something more is needed. Here it is. . .
Apparently, Inter-Process Communication (which uses Server Message Block) needs a little attention too. On my computer, in a Command Prompt Window running with Administrator privileges, the command to use is . . .
NET USE \\Kodiak\IPC$ {Password} /User:{Username}
This will cause my machine to send the appropriate UserName and PassWord to \\Kodiak along with any commands I enter using this window. I entered my ShutDown command: ShutDown.EXE /m \\Kodiak /t 000 /s /f
\\Kodiak surprised me by Shutting Down immediately!
Soooo. . .
Like sending messages, successfully completing a Remote ShutDown requires a couple of additional pieces added to the puzzle BEFORE the ShutDown command will execute properly. And like sending messages, it's difficult to find both the needed pieces in ONE place.
Of course, because completing a Remote ShutDown takes two commands, I put them into a batch file. To guarantee that the batch file runs with elevated privileges, I added this line near the top. . .
REG QUERY "HKU\S-1-5-19" 1>NUL 2>NUL || (ECHO Run as Administrator & GOTO :EOF)
Cheers, PW.
P.S. In the NET USE command, the {Password} and {Username} to use are those for the remote computer you wish to ShutDown and NOT the {Password} and {Username} for the machine you're using to issue the commands. (And don't forget to omit the squiggly brace characters too.)
P.P.S. Observant readers may wonder why I use ShutDown.EXE instead of the simpler ShutDown. I do this because I have a JavaScript routine ShutDown.JS that opens a ShutDown Window on my computer. If I omit the .EXE, the .JS version of ShutDown executes, and it's NOT what I want here. Of course, altering the Environment Variable PATHEXT so that .EXE appears before .JS would fix this -- and (maybe) break something else.
P.P.P.S. Original message: Message 31035439 |
