I need to remotely perform a kill-switch on a Windows 7 Enterprise computer connected to an AD. Specifically, I need to
- remotely access the machine without visible user interaction (I have a domain account which is administrator on the machine)
- make it so that the machine is not usable (crashes/reboots and does not boot back)
- preserve the contents of the machine (be able to document what was changed)
The machine must be damaged enough that basic+ troubleshooting fails and requires it to be brought to a company help desk.
In order to anticipate comments: I understand that this sounds shady but this action is required, authorized and legal - within a corporate environment.
Coming from a Unix background, I do not know what is feasible remotely on a Windows machine. Ideally (and again, with a Unix background in mind) I would be looking at actions like
- erasing the MBR and forcing a reboot
- removing key `.dll`s which would not be automatically recovered during a safe boot
EDIT following comments: this is a very specific forensics case which needs to be handled via this convoluted way.