How can I connect to a Windows server using a Command Line Interface? (CLI)

Question

Especially with the option to install Server Core in Server 2008 and above, connecting to Windows servers over a CLI is increasingly useful ability, if not one that's very widespread amongst Windows administrators.

Practically every Windows GUI management tool has an option to connect to a remote computer, but there is no such option present in the built-in Windows CLI (cmd.exe), which gives the initial impression that this might not be possible.

Is it possible to remotely management or administer a Windows Server using a CLI? And if so, what options are there to achieve this?

Answer 1

There are several fairly easy options available for remotely managing a remote Windows Server using a command line, including a few native options.

Native Options:

1. WinRS/WinRM
   
   
   • Windows Remote Shell/Management tool is the easiest way to remotely manage a remote Windows server in a command line utility, and as with most Windows command line utilities, ss64 has a good page on its options and syntax.
   • Although not explicitly stated in the Microsoft documentation, this can be used to launch a remote instance of cmd.exe, which creates an interactive command line on the remote system, rather than as command line option to execute a single command on a remote server.
     • As with: winrs -r:myserver.mydomain.tld cmd
   • This is also the natively-supported option that will probably be most familiar to administrators of other systems (*nix, BSD, etc.) that are primarily CLI-based.
     
     
2. PowerShell
   
   
   • Hopefully PowerShell needs no introduction, and can be used to manage remote computers from a CLI using WMI (Windows Management Instrumentation).
   • PowerShell remoting allows the execution of Powershell scripts and commands on remote computers.
   • There are a number of good resources on using WMI + PowerShell for remote management, such as The Scripting Guy's blog, the MSDN WMI Reference and ss64.com, which has an index of PowerShell 2.0 commands.
     
     
3. Remote Desktop
   
   
   • Probably not exactly the first thing to come to mind as a Window CLI option, but of course, using mstsc.exe to connect to a server over Remote Desktop Protocl (RDP) does enable the use of a command line on the remote server.
   • Connecting to a Server Core installation over RDP, is actually possible and will give the same interface as connecting to the console - an instance of cmd.exe.
     • This may be somewhat counter-intuitive, as Server Core lacks a desktop, or the other normal Windows shell options, but there's a quick article over at petri.co.il about how to manage Server Core over RDP, should one be so inclined.

Popular, Non-Native Options:

Even though Windows now provides a few native options for accessing a remote sever over aCLI, this was not always the case, and as a result, a number of fairly popular 3rd party solutions were created. The three most notable are below.

1. Install SSH on your Windows Server

   • If you just must have SSH, that's an option too, and there's a guide on social.technet for how to install OpenSSH on Server 2008.
   • Probably most useful for administrators of other systems (*nix, BSD, etc.) that make heavy use of SSH for this purpose, though there are advantages to even Windows-only administrators for having a single terminal emulator client (like PuTTY) store a number of target computers and customized (or standardized) settings for each.
     
     

2. PSExec

   • The original option for executing remote commands on a Windows box through the Windows CLI, this is part of the excellent SysInternals suite. One of the very few "must have" packages for Windows admins, the SysInternals tools were so widely respected and used that SyInternals was bought out by Microsoft, and the tools are now somewhat officially supported by Microsoft.
   • Just as with WinRS/RM, PSExec can be used to issue single commands to a remote server, or to launch an interactive instance of cmd.exe on a remote computer.
     • As with: psexec \\myserver.mydomain.tld cmd
   • As with the other options, there are steps one must take first to ensure PSExec is actually able to connect to the target machine.
     
     

3. Add a utilities folder to the server and store its value in the %PATH% system variable

   • As has been noted in the comments there are many a good SysInternals program that can be executed on the command line and targeted at a remote system, and this is true of more than just SysInternals.
   • Basically, package up a bundle of your favorite Windows utilities into a folder you push to all your servers and add that folder to the %PATH% environmental variable of your systems. Both are easily done through GPO.
     • (I include the SysInternals Suite, PuTTY, WinDirStat and a bunch of custom scripts I find myself reusing) into a folder that gets pushed to all my servers
   • Obviously, this is useful for more than just managing Windows systems via CLI, but I find it so useful I think it's worth including anyway.

Answer 2

Just for the sake of completeness: although it might not be the best solution for various reasons, every Windows system supports the Telnet service, which can be enabled from the features list.

Microsoft's telnet implementation also supports NTLM authentication, thus, unlike standard telnet to a Unix system, no clear-text password is sent on the network when using it.