locked
Can't remote reboot domain PC RRS feed

  • Question

  • I would like to remote reboot domain PC, now I use bat + powershell script, I do not want to use for that domain admin but local user with admin privileges so my bat file: PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "& {Start-Process PowerShell -ArgumentList '-NoProfile -ExecutionPolicy Unrestricted -File ""d:\public\Reboot Computer\Reboot.ps1""' -Verb RunAs}"; 
    and powershell Reboot.ps1: Restart-Computer -ComputerName (Read-Host "ComputerName") -Credential (Get-Credential) -Force

    I run .bat as administrator, then enter copmputer name: comp002, as credentials I use local user which is in administrators group comp002\admuser script is executed but computer is not rebooting. Maybe the problem is related to windows firewall (I already allowed incoming WMI)?

    Thursday, February 27, 2020 4:04 PM

All replies

  • Give the user account restart privileges on the remote system through Group Policy and let them use the standard "shutdown.exe" utility to perform a remote restart or shutdown.

    This is not a scripting issue but an issue of how to use Windows.  Shutdown privileges can be delegated to any user or group through Group Policy.

    Post in GP form or Windows General forum for help with how to do this.


    \_(ツ)_/

    Thursday, February 27, 2020 5:09 PM
  • what's in the event log? 

    why do you need to run the bat as an administrator if you're manually entering credentials for a remote computer? 

    so you want a user on computer X to be able to remotely reboot computer Y? but the batch file is because you want to just give him a shortcut to click on so he doesn't have to open start/run or a powershell window or a cmd window? 

    what happens if you just test this command remotely:

    Restart-Computer -ComputerName (Read-Host "ComputerName") -Credential (Get-Credential) -Force

    what happens if you put that command into a ps1 script, and manually run that ps1 from a powershell window? 

    so if those both work, you know your issue is how you're calling the ps1 in your batch file. 

    what's  your domain execution policy? if you are calling a script from the local D drive, 'remotesigned' should let you run it without chagning it to unrestricted


    • Edited by John_Curtiss Thursday, February 27, 2020 10:50 PM
    Thursday, February 27, 2020 10:46 PM
  • old skool.  Just open a CMD prompt and type "shutdown /m NETBIOSCOMPUTERNAME -r -t 0"
    Thursday, February 27, 2020 11:04 PM
  • old skool.  Just open a CMD prompt and type "shutdown /m NETBIOSCOMPUTERNAME -r -t 0"

    "old school" means no experience with modern computers and no experience with DCs.

    A DC cannot be shutdown by a standard user.  A user must have the shutdown privilege on a DC and on most server deployments.  This can be granted by a GPO to a specific user and applied to specific machines.  This allows a standard user to shutdown a DC directly using the shutdown utility.  This is also the best practices method for allowing this to occur although we would grant the privilege to a domain group and then just add the user to the group.  TO evoke the privilege we would just remove the user from the group.  This method allows for instant enabling and disabling of a users privileges to shutdown a system that is protected.

    What I am seeing here is a lot of users with no formal training in Windows Administration.  All appear to have learned on the job and have never attempted to do any formal training in Windows technology.  Anyone certified?  If you are then you need a refresher course.  This issue is a fundamental of the basic formal training.  The driving concept and procedures are fundamental to Windows security.

    Also - never give a normal user admin credentials.  Certain rights and privileges must be guarded.


    \_(ツ)_/


    • Edited by jrv Thursday, February 27, 2020 11:19 PM
    Thursday, February 27, 2020 11:18 PM
  • This thread is messed up from the beginning but dude, formal training and certifications mean nothing.  Anyone here is an expert offering solutions.

    The title indicates rebooting a domain PC but the reality is a DOMAIN PC is trying to reboot a domain controller as an anonymous user. from the same domain.  What is unclear is why?

    If this is for a UPS shutdown script, don't touch the AD controller, let them terminate, properly created, they do not have any write cache and just let them power up immediately.

    If this shutdown script is for another reason, just create the job on the domain controller as a scheduled task so it can run as itself.

    Friday, February 28, 2020 12:05 AM
  • This thread is messed up from the beginning but dude, formal training and certifications mean nothing.  Anyone here is an expert offering solutions.

    The title indicates rebooting a domain PC but the reality is a DOMAIN PC is trying to reboot a domain controller as an anonymous user. from the same domain.  What is unclear is why?

    If this is for a UPS shutdown script, don't touch the AD controller, let them terminate, properly created, they do not have any write cache and just let them power up immediately.

    If this shutdown script is for another reason, just create the job on the domain controller as a scheduled task so it can run as itself.

    It is only messed up because so many people are offering answers that do not meet the request in all ways.    

    Also a domain user cannot create a scheduled task on any domain PC except the one they are logged into so that idea is not helpful.

    The issue is clear.  Give a domain user the ability to restart a DC. The answer is just a simple.  Delegate the shutdown privilege on that DC to that user (through a group is best).

    Formal training means everything when working with complex technologies at an API level.  Formal training can be easily obtained by getting a good training manual and succeeding in learning it well enough to pas any of the many free test exams.  Getting certified is recommended as it will get you a better job and a better paycheck.  Exams can be had for as little as $80 each.  Most companies will reimburse for cert exams. You can charge the books and exams on your taxes or your company will likely be willing to pay for the books.  The issue is stop being lazy and try to actually learn the technology instead of guessing and getting bad advice from the Internet.


    \_(ツ)_/

    Friday, February 28, 2020 12:36 AM