4

I have Windows XP running in virtual machines connected to my local network for testing purposes. The tests are done remotely. When finished, I want to shut them down remotely, from a Linux box.

ETA: Note that the Windows box runs XP Home, so there are no security / group policies.

For the Linux systems in the same setup, I do:

#> ssh root@linux-vm123 'shutdown -h now';

For the Windows systems, I should be able to do:

#> net rpc SHUTDOWN -I xx.xx.xx.xx -f -U user%pwd

But that gives me the following error:

Could not connect to server xx.xx.xx.xx
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE

The user is an administrator and the account has a password set. Do I need to set up anything on the Windows system?

ETA: Is there a way I can test just the login, i. e. without sending a shutdown command that might need other privileges or settings?

Hanno Fietz
  • 992
  • 2
  • 11
  • 23
  • People seem to be very trigger happy, I will comment instead. First of all, you have checked the username/password combination for sure and know it works, correct? –  May 11 '09 at 11:21
  • Yes, of course. What I have never quite understood, though, is how I have to qualify a username on a Windows system. I tried just the name, machine\name and workgroup\name, to be sure. – Hanno Fietz May 11 '09 at 11:59

5 Answers5

8

Windows XP Home does not allow network logon other than via the Guest account. So you have to enable it first of all.

This gave me a new error telling me that the "logon type" wasn't permitted. Logon type was "code 3", which I found out to mean "network logon". Activating file sharing fixed this, but I have no idea why.

Of course, Guest is not allowed to shutdown the computer, so the account has to be added to the Administrators group (which is of course a massive violation of any security guidelines, but remember this is completely local, all under my desk and staying there) by issuing the following command in the shell:

net localgroup Administrators Guest /ADD

And then, you'll find out that the RPC shutdown command seems to require the winreg named pipe on the target which seems to be provided by the Remote Registry service, which is not available in XP Home. So, for now, no remote shutdown for me.

It should be noted that XP Home just isn't meant to work in a managed, professional network, but I'm choosing the systems to test on for what I'm expecting on the target machines, not what I want to use. However, a note in the net/rpcclient manpages would have been very kind...

Hanno Fietz
  • 992
  • 2
  • 11
  • 23
4

Almost there. Please escape your backslashes on a bash command line.

#> net rpc SHUTDOWN -I xx.xx.xx.xx -f -U DOMAIN\\user%pwd
#> net rpc SHUTDOWN -I xx.xx.xx.xx -f -U MACHINENAME\\user%pwd

This should work

Johan Buret
  • 247
  • 4
  • 8
2

Are you specifying the Domain or Machine name:

i.e. if the machine is on a domain

#> net rpc SHUTDOWN -I xx.xx.xx.xx -f -U DOMAIN\user%pwd

or

#> net rpc SHUTDOWN -I xx.xx.xx.xx -f -U user@domain.com%pwd

or if the machine is in a workgroup

#> net rpc SHUTDOWN -I xx.xx.xx.xx -f -U MACHINENAME\user%pwd
Richard Slater
  • 3,228
  • 2
  • 28
  • 42
2

In my experience there are two things that could be going wrong. The first and most common is whether or remote shutdown is allowed. In the Local Security Policy (Start -> Control Panel -> Administrative Tools -> Local Security Policy). Expand Local Policies and open up Security Options. "Network Access: Sharing and security model for local accounts" needs to be set to Classic.

As another answer has said the machine name is required, even if you have already specified an IP address. Try using something like this:

rpcclient --user='Administrator' -I x.x.x.x --command='shutdown' ComputerName
TrueDuality
  • 1,844
  • 5
  • 27
  • 37
  • The box runs XP Home, there's no such thing as local security policies. Does that mean remote shutdown can't work? Or that it can't be disallowed? – Hanno Fietz May 14 '09 at 07:52
  • The good news is that I can give you the location of the registry key to change. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data The bad news is that it's binary data encompassing all of the security policies and since I don't have an XP home install anywhere I can't verify that XP home even has that key. I'll do a bit more research to see what I can find. – TrueDuality May 14 '09 at 13:06
0

A stupid evil hack would be to create a service listening on a port of your chosing that does nothing more than execute shutdown (perhaps psshutdown from the PsTools suite if XP home does not include such a command). Any connection attempt to that port should trigger a shutdown, so of course you open yourself up to annoyance if someone so much as port scans your test box...

A slightly more security-minded approach would be to make Windows more like Linux and install an SSH server (perhaps full-blown cygwin, perhaps one of the SSH-server-only packages that I've seen on t'internet)

Norky
  • 849
  • 4
  • 14