How do I shut down a Windows XP box remotely from a Linux box?

windows rpc

6,536

Solution 1

Windows XP Home does not allow network logon other than via the Guest account. So you have to enable it first of all.

This gave me a new error telling me that the "logon type" wasn't permitted. Logon type was "code 3", which I found out to mean "network logon". Activating file sharing fixed this, but I have no idea why.

Of course, Guest is not allowed to shutdown the computer, so the account has to be added to the Administrators group (which is of course a massive violation of any security guidelines, but remember this is completely local, all under my desk and staying there) by issuing the following command in the shell:

net localgroup Administrators Guest /ADD

And then, you'll find out that the RPC shutdown command seems to require the winreg named pipe on the target which seems to be provided by the Remote Registry service, which is not available in XP Home. So, for now, no remote shutdown for me.

It should be noted that XP Home just isn't meant to work in a managed, professional network, but I'm choosing the systems to test on for what I'm expecting on the target machines, not what I want to use. However, a note in the net/rpcclient manpages would have been very kind...

Solution 2

Almost there. Please escape your backslashes on a bash command line.

#> net rpc SHUTDOWN -I xx.xx.xx.xx -f -U DOMAIN\\user%pwd
#> net rpc SHUTDOWN -I xx.xx.xx.xx -f -U MACHINENAME\\user%pwd

This should work

Solution 3

In my experience there are two things that could be going wrong. The first and most common is whether or remote shutdown is allowed. In the Local Security Policy (Start -> Control Panel -> Administrative Tools -> Local Security Policy). Expand Local Policies and open up Security Options. "Network Access: Sharing and security model for local accounts" needs to be set to Classic.

As another answer has said the machine name is required, even if you have already specified an IP address. Try using something like this:

rpcclient --user='Administrator' -I x.x.x.x --command='shutdown' ComputerName

Solution 4

Are you specifying the Domain or Machine name:

i.e. if the machine is on a domain

#> net rpc SHUTDOWN -I xx.xx.xx.xx -f -U DOMAIN\user%pwd

#> net rpc SHUTDOWN -I xx.xx.xx.xx -f -U [email protected]%pwd

or if the machine is in a workgroup

#> net rpc SHUTDOWN -I xx.xx.xx.xx -f -U MACHINENAME\user%pwd

View more solutions

6,536

Hanno Fietz

I'm running my own startup which sells software to help companies monitor their energy consumption in detail. My programming tasks center on the Java / OSGi backend and a web-based GUI that is currently being migrated from ActionScript / Flash to JS / AJAX.

Updated on September 17, 2022

Comments

Hanno Fietz almost 2 years
I have Windows XP running in virtual machines connected to my local network for testing purposes. The tests are done remotely. When finished, I want to shut them down remotely, from a Linux box.

ETA: Note that the Windows box runs XP Home, so there are no security / group policies.

For the Linux systems in the same setup, I do:
```
#> ssh root@linux-vm123 'shutdown -h now';
```
For the Windows systems, I should be able to do:
```
#> net rpc SHUTDOWN -I xx.xx.xx.xx -f -U user%pwd
```
But that gives me the following error:
```
Could not connect to server xx.xx.xx.xx
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE
```
The user is an administrator and the account has a password set. Do I need to set up anything on the Windows system?

ETA: Is there a way I can test just the login, i. e. without sending a shutdown command that might need other privileges or settings?
- Admin about 15 years
  
  People seem to be very trigger happy, I will comment instead. First of all, you have checked the username/password combination for sure and know it works, correct?
- Admin about 15 years
  
  Yes, of course. What I have never quite understood, though, is how I have to qualify a username on a Windows system. I tried just the name, machine\name and workgroup\name, to be sure.
Hanno Fietz about 15 years

The machine is on a workgroup, I tried MACHINENAME\user with the same result.
Hanno Fietz about 15 years

I also tried WORKGROUPNAME\user, same too.
Hanno Fietz about 15 years

The box runs XP Home, there's no such thing as local security policies. Does that mean remote shutdown can't work? Or that it can't be disallowed?
Hanno Fietz about 15 years

No, sorry, escaping doesn't help either.
abby about 15 years

The good news is that I can give you the location of the registry key to change. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data The bad news is that it's binary data encompassing all of the security policies and since I don't have an XP home install anywhere I can't verify that XP home even has that key. I'll do a bit more research to see what I can find.
Richard Slater about 15 years

Great catch, sorry that it didn't pan out for you though.
Johan Buret about 15 years

Full credits, sir. I'm impressed, really.