Forced shutdown of a remote nt/2k server

When restarting a remote NT based server from the gui, NT stops any remote administration service (eg WinVNC/PC-Anywhere/BO etc) that you have running. If the machine fails to reboot cleanly (say a dialog box appears during shutdown) and your remote administration service has stopped you are fuxored. I work from home most of the time and so I object to having to get dressed to go and see sick servers :).

To get around this problem I wanted to write a program to implicitly force a reboot from the command line. By 'force a reboot' I mean telling the system to shut down ignoring any dialog boxes, errors, tasks waiting to complete or other anomalies, and restart regardless. This was intended to be an application of last resort, but I have had it implemented on my own servers for a couple of months now and it has been so successful that I made it policy to do all server reboots using this command line app - rather than attempting a shutdown via the gui first.

Notes on the code

This program uses the windows APIs. Because of this you could write it in any number of languages, but the example below is given in Visual Basic. Also I can't take 100% credit for the code - A lot of the API stuff is cut and pasted from API reference sites such as www.vbapi.com, but I have stitched it all together, added comments and the command line interface.

If you're going to try to get this code working in VB you'll have to create a new project containing just one .bas module and add a reference to "Visual Basic for Applications". This is for the retrieval of command line parameters. Then copy and paste the code listed below into your module.

Retrieving the O/S type

This code is only meant to run on versions of WinNT. So first of all we have to have a little bit of sanity checking. Is this a WinNT box? We can use the GetVersionEx API to get the version of our target operating system. The IsWinNT() function populates the myos value (of OSVERSIONINFO type) with information about the target operating system. If the target system is an NT box the following statement (and therefore the IsWinNT() function) will return true:

Code:

Private Const VER_PLATFORM_WIN32_NT = 2 ... IsWinNT = (myOS.dwPlatformId = VER_PLATFORM_WIN32_NT)

Setting shutdown privileges for the current thread

Ok. Now we know that the target system is NT we need to set the priveledges on our application so that we can shut down the system. To do this we use the GetCurrentProcess, LookupPrivilegeValue and AdjustTokenPrivileges APIs. The EnableShutDown subroutine uses the GetCurrentProcess API to get the handle for the current process and assign that process with permission to shutdown the system. I won't go into this too much here because I document this rather heavily in the code.

Retreiving user input from the command line

Sub main splits command line parameters, which are stored in the command$ variable, into an array using space as the deliminator. The code checks for two parameters, the action (valid options are logoff/reboot/shutdown prefaced by either - or /) and a boolean force variable (similarly prefaced) that decides whether or not to force the selected action. This bit of the code requires a reference to Visual Basic for Application so as to access the script host.

Forcing a reboot

The ShutDownNT procedure accepts the Flags parameter that specifies the action to be taken. The actual action taken by the ExitWindowsEx API contained in the ShutDownNT procedure is defined by assigning the sum of the following constants to the passed Flags variable:

Code:

Private Const EWX_LOGOFF = 0 Private Const EWX_SHUTDOWN = 1 Private Const EWX_REBOOT = 2 Private Const EWX_FORCE = 4

So for example the flags required for a forced reboot would be:

Code:

Private Const EWX_LOGOFF = 0 Private Const EWX_SHUTDOWN = 1 Private Const EWX_REBOOT = 2 Private Const EWX_FORCE = 4 ... flags = (EWX_FORCE + EWX_REBOOT) 'or flags = 4 + 2

The code!

Code:

Option Explicit Private Const action_REBOOT = 1 Private Const action_LOGOFF = 2 Private Const action_SHUTDOWN = 3 'API constants Private Const EWX_LOGOFF = 0 Private Const EWX_SHUTDOWN = 1 Private Const EWX_REBOOT = 2 Private Const EWX_FORCE = 4 Private Const TOKEN_ADJUST_PRIVILEGES = &H20 Private Const TOKEN_QUERY = &H8 Private Const SE_PRIVILEGE_ENABLED = &H2 Private Const ANYSIZE_ARRAY = 1 Private Const VER_PLATFORM_WIN32_NT = 2 'API structures Public Type OSVERSIONINFO dwOSVersionInfoSize As Long dwMajorVersion As Long dwMinorVersion As Long dwBuildNumber As Long dwPlatformId As Long szCSDVersion As String * 128 End Type Public Type LUID LowPart As Long HighPart As Long End Type Public Type LUID_AND_ATTRIBUTES pLuid As LUID Attributes As Long End Type Public Type TOKEN_PRIVILEGES PrivilegeCount As Long Privileges(ANYSIZE_ARRAY) As LUID_AND_ATTRIBUTES End Type 'API Declarations Private Declare Function GetCurrentProcess Lib "kernel32.dll" () As Long Private Declare Function OpenProcessToken Lib "advapi32.dll" _ (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, _ TokenHandle As Long) As Long Private Declare Function LookupPrivilegeValue Lib "advapi32.dll" _ Alias "LookupPrivilegeValueA" (ByVal lpSystemName As String, _ ByVal lpName As String, lpLuid As LUID) As Long Private Declare Function AdjustTokenPrivileges Lib "advapi32.dll" _ (ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, _ NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, _ PreviousState As TOKEN_PRIVILEGES, ReturnLength As Long) As Long Private Declare Function ExitWindowsEx Lib "user32.dll" _ (ByVal uFlags As Long, ByVal dwReserved As Long) As Long Private Declare Function GetVersionEx Lib "kernel32.dll" _ Alias "GetVersionExA" (ByRef lpVersionInformation As OSVERSIONINFO) As Long Sub Main() Dim a_strArgs() As String Dim i As Integer Dim Force As Boolean Dim Action As Integer Dim Flags as Long 'Sanity checking to see if the target system is NT If IsWinNT = True Then 'Reset system variables Force = False Action = 0 'Split the contents of the command$ variable into the a_strArgs array 'using [space] as the deliminator. a_strArgs = Split(Command$, " ") 'Iterate throught the a_strArgs array For i = LBound(a_strArgs) To UBound(a_strArgs) Select Case LCase(a_strArgs(i)) Case "-logoff", "/logoff" Action = action_LOGOFF Case "-reboot", "/reboot" Action = action_REBOOT Case "-shutdown", "/shutdown" Action = action_SHUTDOWN Case "-force", "/force", "/f", "-f" Force = True Case Else Exit Sub End Select Next i End If 'If an action has been set then enable the shutdown priveledges 'on this process If Action > 0 Then EnableShutDown Else 'No action has been selected so terminate Exit Sub End If 'Calculate the sum of the required flags and pass this as a 'parameter to the ShutDownNT procedure. if force = true then flags = EWX_FORCE Select Case Action Case action_LOGOFF flags = flags + EWX_LOGOFF ShutDownNT(flags) Case action_REBOOT flags = flags + EWX_LOGOFF ShutDownNT(flags) Case action_SHUTDOWN flags = flags + EWX_LOGOFF ShutDownNT(flags) End Select End Sub Public Function IsWinNT() As Boolean Dim myOS As OSVERSIONINFO 'I think I pretty much covered this above myOS.dwOSVersionInfoSize = Len(myOS) GetVersionEx myOS IsWinNT = (myOS.dwPlatformId = VER_PLATFORM_WIN32_NT) End Function 'set the shut down privilege for the current application Private Sub EnableShutDown() Dim hProc As Long Dim hToken As Long Dim mLUID As LUID Dim mPriv As TOKEN_PRIVILEGES Dim mNewPriv As TOKEN_PRIVILEGES 'Get the process ID of the this process 'and place it in the hproc variable hProc = GetCurrentProcess() 'Open the hProc process and lookup the 'SeShutdownPrivilege value OpenProcessToken hProc, TOKEN_ADJUST_PRIVILEGES + TOKEN_QUERY, hToken LookupPrivilegeValue "", "SeShutdownPrivilege", mLUID 'Create a new set of priveledges in the mPriv variable 'of token priveledges type mPriv.PrivilegeCount = 1 mPriv.Privileges(0).Attributes = SE_PRIVILEGE_ENABLED mPriv.Privileges(0).pLuid = mLUID ' enable shutdown privilege for the current application AdjustTokenPrivileges hToken, False, mPriv, _ 4 + (12 * mPriv.PrivilegeCount), mNewPriv, _ 4 + (12 * mNewPriv.PrivilegeCount) End Sub ' Shut Down NT Public Sub ShutDownNT(Flags as Long) ExitWindowsEx Flags, 0 End Sub

If you want to get a copy of this app without the bother of compiling it yourself you can download a zipped copy from my public FTP server at ftp://195.8.181.206/SimonSoft/shutdown.zip

Whilst every care is taken to ensure that files on this FTP are virus and error free you are advised to scan any files you download. Usage is entirely at your own risk. If you use any other software from this server and intent to keep it please support it's creators by buying a valid licence.

If you enjoyed this tutorial have a look at these:
Scripting Internet Connections Under Window$
Securing an installation of IIS 4. (No, seriously)
Remote DSN Connections, using WinAPIs and the registry

impresive bit of coding....personally i am not creative to even think of some of the stuff u did with VB :)....i personally dont need it but i was wondering how would u have ot tweak it for win2k serv or adv serv?...i am sure some ppl might need it...now adays win nt isnt used as much and maybe u should recode it for 2k :)

emrys --

This works with /all/ flavours of NT. That includes 2k, which is in actual fact NT 5. I don't use XP as yet - never 'buy' (and I use the term loosley here to encompass any transaction you walk away from with a new piece of software ;)) anything from M$ until /at least/ service pack 3 unless you really want to be a beta tester - but if XP uses the NT kernel (and I don't see why it wouldn't - if it ain't broke you don't fix it) it should work on XP aswell. :)

The w2k resource kit has a utility called shutdown.exe that should does pretty much the same as your code (I think :) )

Ammo

Yeah - but mine's open source :thumbsup:

Ok - apologies if my last post was a bit flippant - it's getting late. Upon refelection what I probably meant was: IMHO the code is worthwhile just for the sake of the code. There are some bits that would be useful for any number of apps so I figured it was worth posting.

NTSA : cool....well i have XP so i might try it just for the hell of it :)...not that i use remote desktop but oh well :/

ntsa: yeah I understand, just wanted to mention it to others looking for that kind of tool... (if the didn't want to build your code for some reason ;) )

Ammo

If you download the zipped exe and try it on XP let me know what results you have. I'd be interested. TIA.

"shutdown /c /l /r /y" will do what you wanted(closes all programs, answers yes to any popups, and reboots the server).

Just confirming the earlier post about shutdown. Also, how does your system shutdown get logged on Win2K machines? IE., does the shutdown event in the system log show up as expected or unexpected? I have seen some instances where using shutdown from the Win toolkit causes the system to think the system shutdown was unexpected. This is not really a big issue as long as you know what to expect though.

There is also a command called "logoff" in Win2k. Comes in handy when using terminal server.

You can get a list of all users with open sessions on a machine by doing "query session." Then using the session ID provided from that you can "logoff X" where x is the session ID. Just throwing this in because I saw you had some variables for a logoff function.

Good addendum - thanks!

Ammo - the shutdown.exe prog... That can be used over TCP/Ip, cant it? I thought you can, but Ive been trying to remote manage my IIS server from work, and when I connect to it, with proper passwords and all, and even open a IPC$ connection to it, it will not seem to go.
the shutdown just kicks back the "help" file for shutdown as if my syntax is wrong... but I am entering it as it would have me enter it. Im missing something somewhere, I dont know what tho. Any suggestions?

Hum.. dunno.. I'd have to guess your syntax is indeed off since it prints help after...
Otherwise I dunno!

Ammo

Avenger_jcc:
yes, the shutdown command does work over TCP/IP, as long as there is NetBIOS name resolution (WINS, lmhost file, etc.). It still has to resolve the name to an IP, so that is a requirement, unless you use teh IP for the machine. ;)