Forced shutdown of a remote nt/2k server
When restarting a remote NT based server from the gui, NT stops any remote administration service (eg WinVNC/PC-Anywhere/BO etc) that you have running. If the machine fails to reboot cleanly (say a dialog box appears during shutdown) and your remote administration service has stopped you are fuxored. I work from home most of the time and so I object to having to get dressed to go and see sick servers :).
To get around this problem I wanted to write a program to implicitly force a reboot from the command line. By 'force a reboot' I mean telling the system to shut down ignoring any dialog boxes, errors, tasks waiting to complete or other anomalies, and restart regardless. This was intended to be an application of last resort, but I have had it implemented on my own servers for a couple of months now and it has been so successful that I made it policy to do all server reboots using this command line app - rather than attempting a shutdown via the gui first.
Notes on the code
This program uses the windows APIs. Because of this you could write it in any number of languages, but the example below is given in Visual Basic. Also I can't take 100% credit for the code - A lot of the API stuff is cut and pasted from API reference sites such as www.vbapi.com, but I have stitched it all together, added comments and the command line interface.
If you're going to try to get this code working in VB you'll have to create a new project containing just one .bas module and add a reference to "Visual Basic for Applications". This is for the retrieval of command line parameters. Then copy and paste the code listed below into your module.
Retrieving the O/S type
This code is only meant to run on versions of WinNT. So first of all we have to have a little bit of sanity checking. Is this a WinNT box? We can use the GetVersionEx API to get the version of our target operating system. The IsWinNT() function populates the myos value (of OSVERSIONINFO type) with information about the target operating system. If the target system is an NT box the following statement (and therefore the IsWinNT() function) will return true:
Code:
Private Const VER_PLATFORM_WIN32_NT = 2
...
IsWinNT = (myOS.dwPlatformId = VER_PLATFORM_WIN32_NT)
Setting shutdown privileges for the current thread
Ok. Now we know that the target system is NT we need to set the priveledges on our application so that we can shut down the system. To do this we use the GetCurrentProcess, LookupPrivilegeValue and AdjustTokenPrivileges APIs. The EnableShutDown subroutine uses the GetCurrentProcess API to get the handle for the current process and assign that process with permission to shutdown the system. I won't go into this too much here because I document this rather heavily in the code.
Retreiving user input from the command line
Sub main splits command line parameters, which are stored in the command$ variable, into an array using space as the deliminator. The code checks for two parameters, the action (valid options are logoff/reboot/shutdown prefaced by either - or /) and a boolean force variable (similarly prefaced) that decides whether or not to force the selected action. This bit of the code requires a reference to Visual Basic for Application so as to access the script host.
Forcing a reboot
The ShutDownNT procedure accepts the Flags parameter that specifies the action to be taken. The actual action taken by the ExitWindowsEx API contained in the ShutDownNT procedure is defined by assigning the sum of the following constants to the passed Flags variable:
Code:
Private Const EWX_LOGOFF = 0
Private Const EWX_SHUTDOWN = 1
Private Const EWX_REBOOT = 2
Private Const EWX_FORCE = 4
So for example the flags required for a forced reboot would be:
Code:
Private Const EWX_LOGOFF = 0
Private Const EWX_SHUTDOWN = 1
Private Const EWX_REBOOT = 2
Private Const EWX_FORCE = 4
...
flags = (EWX_FORCE + EWX_REBOOT)
'or flags = 4 + 2
The code!
Code:
Option Explicit
Private Const action_REBOOT = 1
Private Const action_LOGOFF = 2
Private Const action_SHUTDOWN = 3
'API constants
Private Const EWX_LOGOFF = 0
Private Const EWX_SHUTDOWN = 1
Private Const EWX_REBOOT = 2
Private Const EWX_FORCE = 4
Private Const TOKEN_ADJUST_PRIVILEGES = &H20
Private Const TOKEN_QUERY = &H8
Private Const SE_PRIVILEGE_ENABLED = &H2
Private Const ANYSIZE_ARRAY = 1
Private Const VER_PLATFORM_WIN32_NT = 2
'API structures
Public Type OSVERSIONINFO
dwOSVersionInfoSize As Long
dwMajorVersion As Long
dwMinorVersion As Long
dwBuildNumber As Long
dwPlatformId As Long
szCSDVersion As String * 128
End Type
Public Type LUID
LowPart As Long
HighPart As Long
End Type
Public Type LUID_AND_ATTRIBUTES
pLuid As LUID
Attributes As Long
End Type
Public Type TOKEN_PRIVILEGES
PrivilegeCount As Long
Privileges(ANYSIZE_ARRAY) As LUID_AND_ATTRIBUTES
End Type
'API Declarations
Private Declare Function GetCurrentProcess Lib "kernel32.dll" () As Long
Private Declare Function OpenProcessToken Lib "advapi32.dll" _
(ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, _
TokenHandle As Long) As Long
Private Declare Function LookupPrivilegeValue Lib "advapi32.dll" _
Alias "LookupPrivilegeValueA" (ByVal lpSystemName As String, _
ByVal lpName As String, lpLuid As LUID) As Long
Private Declare Function AdjustTokenPrivileges Lib "advapi32.dll" _
(ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, _
NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, _
PreviousState As TOKEN_PRIVILEGES, ReturnLength As Long) As Long
Private Declare Function ExitWindowsEx Lib "user32.dll" _
(ByVal uFlags As Long, ByVal dwReserved As Long) As Long
Private Declare Function GetVersionEx Lib "kernel32.dll" _
Alias "GetVersionExA" (ByRef lpVersionInformation As OSVERSIONINFO) As Long
Sub Main()
Dim a_strArgs() As String
Dim i As Integer
Dim Force As Boolean
Dim Action As Integer
Dim Flags as Long
'Sanity checking to see if the target system is NT
If IsWinNT = True Then
'Reset system variables
Force = False
Action = 0
'Split the contents of the command$ variable into the a_strArgs array
'using [space] as the deliminator.
a_strArgs = Split(Command$, " ")
'Iterate throught the a_strArgs array
For i = LBound(a_strArgs) To UBound(a_strArgs)
Select Case LCase(a_strArgs(i))
Case "-logoff", "/logoff"
Action = action_LOGOFF
Case "-reboot", "/reboot"
Action = action_REBOOT
Case "-shutdown", "/shutdown"
Action = action_SHUTDOWN
Case "-force", "/force", "/f", "-f"
Force = True
Case Else
Exit Sub
End Select
Next i
End If
'If an action has been set then enable the shutdown priveledges
'on this process
If Action > 0 Then
EnableShutDown
Else
'No action has been selected so terminate
Exit Sub
End If
'Calculate the sum of the required flags and pass this as a
'parameter to the ShutDownNT procedure.
if force = true then flags = EWX_FORCE
Select Case Action
Case action_LOGOFF
flags = flags + EWX_LOGOFF
ShutDownNT(flags)
Case action_REBOOT
flags = flags + EWX_LOGOFF
ShutDownNT(flags)
Case action_SHUTDOWN
flags = flags + EWX_LOGOFF
ShutDownNT(flags)
End Select
End Sub
Public Function IsWinNT() As Boolean
Dim myOS As OSVERSIONINFO
'I think I pretty much covered this above
myOS.dwOSVersionInfoSize = Len(myOS)
GetVersionEx myOS
IsWinNT = (myOS.dwPlatformId = VER_PLATFORM_WIN32_NT)
End Function
'set the shut down privilege for the current application
Private Sub EnableShutDown()
Dim hProc As Long
Dim hToken As Long
Dim mLUID As LUID
Dim mPriv As TOKEN_PRIVILEGES
Dim mNewPriv As TOKEN_PRIVILEGES
'Get the process ID of the this process
'and place it in the hproc variable
hProc = GetCurrentProcess()
'Open the hProc process and lookup the
'SeShutdownPrivilege value
OpenProcessToken hProc, TOKEN_ADJUST_PRIVILEGES + TOKEN_QUERY, hToken
LookupPrivilegeValue "", "SeShutdownPrivilege", mLUID
'Create a new set of priveledges in the mPriv variable
'of token priveledges type
mPriv.PrivilegeCount = 1
mPriv.Privileges(0).Attributes = SE_PRIVILEGE_ENABLED
mPriv.Privileges(0).pLuid = mLUID
' enable shutdown privilege for the current application
AdjustTokenPrivileges hToken, False, mPriv, _
4 + (12 * mPriv.PrivilegeCount), mNewPriv, _
4 + (12 * mNewPriv.PrivilegeCount)
End Sub
' Shut Down NT
Public Sub ShutDownNT(Flags as Long)
ExitWindowsEx Flags, 0
End Sub
If you want to get a copy of this app without the bother of compiling it yourself you can download a zipped copy from my public FTP server at ftp://195.8.181.206/SimonSoft/shutdown.zip
Whilst every care is taken to ensure that files on this FTP are virus and error free you are advised to scan any files you download. Usage is entirely at your own risk. If you use any other software from this server and intent to keep it please support it's creators by buying a valid licence.
If you enjoyed this tutorial have a look at these:
Scripting Internet Connections Under Window$
Securing an installation of IIS 4. (No, seriously)
Remote DSN Connections, using WinAPIs and the registry