How do I shut down a Windows XP box remotely from a Linux box?

windows rpc

I have Windows XP running in virtual machines connected to my local network for testing purposes. The tests are done remotely. When finished, I want to shut them down remotely, from a Linux box.

ETA: Note that the Windows box runs XP Home, so there are no security / group policies.

For the Linux systems in the same setup, I do:

#> ssh root@linux-vm123 'shutdown -h now';

For the Windows systems, I should be able to do:

#> net rpc SHUTDOWN -I xx.xx.xx.xx -f -U user%pwd

But that gives me the following error:

Could not connect to server xx.xx.xx.xx
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE

The user is an administrator and the account has a password set. Do I need to set up anything on the Windows system?

ETA: Is there a way I can test just the login, i. e. without sending a shutdown command that might need other privileges or settings?


Solution 1:

Windows XP Home does not allow network logon other than via the Guest account. So you have to enable it first of all.

This gave me a new error telling me that the "logon type" wasn't permitted. Logon type was "code 3", which I found out to mean "network logon". Activating file sharing fixed this, but I have no idea why.

Of course, Guest is not allowed to shutdown the computer, so the account has to be added to the Administrators group (which is of course a massive violation of any security guidelines, but remember this is completely local, all under my desk and staying there) by issuing the following command in the shell:

net localgroup Administrators Guest /ADD

And then, you'll find out that the RPC shutdown command seems to require the winreg named pipe on the target which seems to be provided by the Remote Registry service, which is not available in XP Home. So, for now, no remote shutdown for me.

It should be noted that XP Home just isn't meant to work in a managed, professional network, but I'm choosing the systems to test on for what I'm expecting on the target machines, not what I want to use. However, a note in the net/rpcclient manpages would have been very kind...

Solution 2:

Almost there. Please escape your backslashes on a bash command line.

#> net rpc SHUTDOWN -I xx.xx.xx.xx -f -U DOMAIN\\user%pwd
#> net rpc SHUTDOWN -I xx.xx.xx.xx -f -U MACHINENAME\\user%pwd

This should work

Solution 3:

Are you specifying the Domain or Machine name:

i.e. if the machine is on a domain

#> net rpc SHUTDOWN -I xx.xx.xx.xx -f -U DOMAIN\user%pwd

or

#> net rpc SHUTDOWN -I xx.xx.xx.xx -f -U [email protected]%pwd

or if the machine is in a workgroup

#> net rpc SHUTDOWN -I xx.xx.xx.xx -f -U MACHINENAME\user%pwd

Solution 4:

In my experience there are two things that could be going wrong. The first and most common is whether or remote shutdown is allowed. In the Local Security Policy (Start -> Control Panel -> Administrative Tools -> Local Security Policy). Expand Local Policies and open up Security Options. "Network Access: Sharing and security model for local accounts" needs to be set to Classic.

As another answer has said the machine name is required, even if you have already specified an IP address. Try using something like this:

rpcclient --user='Administrator' -I x.x.x.x --command='shutdown' ComputerName

Related

finding user's documents folder in .bat script
What is the best way to backup a Linux webserver? [closed]
Configure DNS to forward email to google
How to analyze space used by tables, indexes
panorama photos on iPhone 6 are too narrow
TiVo videos on a Mac?
Is there a way to display audio bitrate in Finder?
Smaller Album artwork in iTunes 12.5.1.21?
Download icloud photo library without paying?
Can anyone recommend a stop watch or timer which stays always on top?
Shortcut to EQ in iOS?
Updating Keychain entry manually prevents next access from GUI tools afterwards: Always asks for permission