April 3rd, 2003, 07:31 AM
Remote Procedure Call
A freind of mine restarted my PC remotely about a week ago.
I got a message saying there was some kind of error and the computer would be reset in 30 seconds.
Is anyone familiar with this WINxp command and service, Its seems very intersting to me and would be very appreciative if someone could shed some light on this topic and how it happened.
April 3rd, 2003, 11:17 AM
With local administrator access remotely (or as a member of a group with "Shut the computer down remotely" right), it's possible to shut down or restart a machine. This works on NT4 and 2000 (hence I imagine also XP pro)
There is an API to do this, I can't remember it. On NT4, you can do it although there are no tools that ship with it (there is a tool called shutdown.exe in the NT server res kit)
Under win2k (And I assume XP pro also), under the "Computer management" MMC applet, it's possible to remotely shutdown or reboot machines, although the option is hidden rather deep and not where you'd expect.
This is a standard function provided by the "Server" service. To stop people from using it, either:
- Don't run "Server" or
- Firewall the ports necessary (probably 139 or 445) or
- Don't give the users "Shut down the machine remotely" rights or
- Don't give them accounts at all
And as ever ensure the guest account is not enabled.