Run a Local Windows Command, From a Remote Shell

Karl Is WrightDIY

I had a situation a little while back were I had some servers, that process jobs, and they occasionally need to be rebooted because they get stuck. However, the people who most needed to reboot these servers, were not at all tech savvy, and they needed a quick way to reboot the servers without having to login.

So I create a few .bat files that these users can click on and then from there, reboot these servers whenever they get stuck.

Here’s how I solved the problem.

 

I found a useful set of tools called PS Tools or (Power Shell Tools) which you can pickup: here.

It’s a .zip file containing sever exe’s which can be executed in the Windows Power Shell which increase the shell’s functionality. One tool in particular, PsExec.exe can be used to login to a remote shell, and execute a command, locally.

Step 1.

Download PsTools.zip from here, and unzip it.

Step 2.

To be clear, PsExec.exe needs to be installed on the computer that will be sending the remote commands.

The next step is to decide whether or not you want to call PsExec.exe by path everytime, (ie. C:\Users\Me\Downloads\PsTools\PsExec.exe) or if you want to add it to your path and then you can just call it.

The easiest way to add PsExec.exe to your path is to just copy it over to C:\Windows\System32\

Step 3.

Before we can send any commands to a computer, particularly a command to reboot, we need to enable “remote administration”.

I’m going to be honest, I have no idea if this works on anything before Windows 7, but you’re welcome to try it on Vista.

To enable remote administration:

Manually via gpedit.msc

  1. Click start>Run
  2. Enter gpedit.msc
  3. Click OK
  4. Double-click Computer Configuration>Administrative Templates>Network>Network Connections>Windows Firewall
  5. Double-click Standard Profile>Windows Firewall: Allow remote administration exception
  6. Select Enabled
  7. Click Apply
  8. Click OK

From <https://www.manageengine.com/products/desktop-central/enabling-remote-desktop-how-to.html>

 

Or, via cmd (elevated)

netsh firewall set service RemoteAdmin

From <https://msdn.microsoft.com/en-us/library/aa459291(v=winembedded.11).aspx>

Step 4.

Now lets send some commands to our remote PC.

For the purpose of this example, assume that the user name is userhaven & the password is user. Assume the computer is named UserHave.

Let’s send a command to our remote PC that will tell it to reboot.

psexec \\UserHave -u UserHave\userhaven -p user -h -s shutdown -r -t 00

For a breakdown of the command:

psexec = calls the command

\\UserHave = Which computer to send it to

-u = for the username. If you are logging in with a domain account, put that before the user name like, HAVEN.COM\userhaven, otherwise just retype the name of the computer itself, UserHave\userhaven

-p = specifies the user password

-h = specifies that the command is to be run with administrator privileges

-s = Run the process as the system user

After that just type out the command you want to send as if you were typing it out in a local shell.

The first time you use the PsExec command, you will be prompted to accept a license agreement, then after that it’s smooth sailing.

 

For the full syntax on how to use the PsExec command, you can check that out, here.