Remote Control/Shutdown/Restart Windows Computer
I wrote the following batch files in order to remotely control and/or remotely shutdown/restart a Windows computer from another computer on the same Local Area Network (LAN). These scripts are useful for computers on the same LAN that are not joined to a Windows Domain. You would not require these scripts for computers within a Windows Domain since Group Policy would allow you to control all levels of remote access. These scripts were designed for use with Windows 7 but may in fact work with Windows Vista and Windows 8. I have yet to test these batch files using those operating systems.
In order to maintain a high level of security, Microsoft requires that a number of policies, services and ports be configured before a computer can be remotely controlled and/or shut down/restarted. The first script turns on the ability to remotely access the computer. The second script turns off this ability. Once the script has been Run As Administrator on the computer, a reboot is not required for the computer to be remotely accessible from another computer on the same Local Area Network (LAN).
These scripts are useful with:
- shutdown /i
- psexec \\X.X.X.X -u [username] -p [password] cmd
- Microsoft Remote Desktop (RDP)
Usage:
- In the scripts, define the Local Administrator Password that you wish to use at the line: net user administrator [password]
- Right-click the script and Run As Administrator on the computer (Computer A) that you wish to allow remote control and/or shutdown/restart.
- From another computer (Computer B) on the same Local Area Network (LAN), browse to the UNC Path of the Remote Computer. Example: \\[Computer Name]
- Log in to the Remote Computer using the Local Administrator account. Username: administrator. Password: [the one you defined in the script].
- Browse to: \\[Computer Name]\admin$ to confirm you have access to the Remote Computer Admin Share.
- You can now remotely control/shutdown/restart the remote computer using: shutdown /i, psexec, Remote Desktop, etc.
remote-reboot-on-run-as-admin.cmd:
rem Set the required services to start automatically and start them now
sc config remoteregistry start= auto
net start remoteregistry
sc config lanmanserver start= auto
net start lanmanserver
sc config termservice start= auto
net start termservice
sc config browser start= auto
net start browser
rem Enable the inbound firewall rules for WMI, Remote Desktop, ping and Windows Remote Management
netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes
netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes
netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" new enable=yes
netsh advfirewall firewall set rule group="Windows Remote Management" new enable=yes
rem Allow Remote Desktop connections
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
rem Allow accounts with a blank password to log on over the network
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v "LimitBlankPasswordUse" /t REG_DWORD /d 0x00000000 /f
rem Give local administrator accounts a full, unfiltered admin token on remote logon
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "LocalAccountTokenFilterPolicy" /t REG_DWORD /d 1 /f
rem Enable the built-in Administrator account, set its password and allow it to use Remote Desktop
net user administrator /active:yes
net user administrator [password]
net localgroup "Remote Desktop Users" administrator /add
pause
remote-reboot-off-run-as-admin.cmd:
rem Disable and stop Remote Registry
sc config remoteregistry start= disabled
net stop remoteregistry
rem Server, Remote Desktop Services and Computer Browser are left set to automatic and running
sc config lanmanserver start= auto
net start lanmanserver
sc config termservice start= auto
net start termservice
sc config browser start= auto
net start browser
rem Disable the inbound firewall rules for WMI, Remote Desktop, ping and Windows Remote Management
netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=no
netsh advfirewall firewall set rule group="Remote Desktop" new enable=no
netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" new enable=no
netsh advfirewall firewall set rule group="Windows Remote Management" new enable=no
rem Deny Remote Desktop connections
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f
rem Limit accounts with a blank password to console logon only
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v "LimitBlankPasswordUse" /t REG_DWORD /d 0x00000001 /f
rem Restore the filtered token for local administrator accounts on remote logon
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "LocalAccountTokenFilterPolicy" /t REG_DWORD /d 0 /f
rem Disable the built-in Administrator account and remove it from Remote Desktop Users
net user administrator /active:no
net user administrator [password]
net localgroup "Remote Desktop Users" administrator /delete
pause
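A read-only audit of the settings both scripts toggle, for confirming that the "off" script really closed what the "on" script opened. This is an added example, not part of the original post; the labels :chkreg and :chkgroup are names chosen here, and the parsing assumes English-language output from sc, net user and netsh.

```batch
@echo off
rem Added example, not from the original post: read-only audit of the
rem settings the two scripts toggle. Run it from an elevated prompt.
rem Assumes English-language output from sc, net user and netsh.
setlocal EnableDelayedExpansion

echo == Services: state / start type ==
for %%S in (remoteregistry lanmanserver termservice browser) do (
    set "st=?" & set "ty=?"
    for /f "tokens=4" %%A in ('sc query %%S ^| findstr /c:"STATE"') do set "st=%%A"
    for /f "tokens=4" %%A in ('sc qc %%S ^| findstr /c:"START_TYPE"') do set "ty=%%A"
    echo   %%S: !st! / !ty!
)

echo == Registry: EXPOSED means the value written by the "on" script ==
call :chkreg "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" fDenyTSConnections 0x0
call :chkreg "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" LimitBlankPasswordUse 0x0
call :chkreg "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" LocalAccountTokenFilterPolicy 0x1

echo == Built-in Administrator account ==
net user administrator | findstr /b /c:"Account active"

echo == Firewall: enabled rules per group toggled by the scripts ==
call :chkgroup "Windows Management Instrumentation (WMI)"
call :chkgroup "Remote Desktop"
call :chkgroup "Windows Remote Management"
netsh advfirewall firewall show rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" | findstr /b /c:"Enabled:"
goto :eof

:chkreg
rem Arguments: registry key, value name, data written by the on script
set "val=not set"
for /f "tokens=3" %%A in ('reg query "%~1" /v %~2 2^>nul ^| findstr /i "REG_DWORD"') do set "val=%%A"
set "flag=ok"
if /i "%val%"=="%~3" set "flag=EXPOSED"
echo   %~2 = %val%  [%flag%]
goto :eof

:chkgroup
rem Argument: firewall rule group. Counts its rules that are currently enabled.
set "en=" & set /a n=0
for /f "tokens=1*" %%A in ('netsh advfirewall firewall show rule name^=all verbose ^| findstr /b /c:"Enabled:" /c:"Grouping:"') do (
    if "%%A"=="Enabled:" set "en=%%B"
    if "%%A"=="Grouping:" if /i "!en!"=="Yes" if /i "%%B"=="%~1" set /a n+=1
)
echo   %~1: %n% enabled rule(s)
goto :eof
```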