Pstools

20 05 2009

http://technet.microsoft.com/en-us/sysinternals/default.aspx

Sysinternals was a company founded by one person. They made awesome software that was able to meddle with intricate Windows stuff… so, M$ bought it 🙂 (kinda expected)

Anyway, the point of this post is basically psshutdown.exe. This exe is kinda neat. It lets you Shut Down, restart, standby, hibernate and do other things to your computer and even a remote computer. M$'s shutdown.exe that comes bundled with all comps cannot standby or hibernate (it can do the other things on a remote system too, but it uses the same account credentials as the user running it even on the other system… and that user needs to be admin on the remote system)

The other way to accomplish standby and hibernate is to do this

rundll32 powrprof.dll SetSuspendState Hibernate
rundll32 powrprof.dll SetSuspendState Standby

Programmatically, there will be a Win API exposure to powrprof…

But coming back to psshutdown, the way I think (and proved) it works is

1. It takes in username/password of remote system from command line

2. Uses Windows share to copy itself (actually a smaller copy with some other name) onto the remote system's system32 folder… (another fun thing here to be described in another post)

3. Registers this copied exe as a service and starts it to do stuff
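
A defender-side view of steps 2 and 3, as an added example that is not part of the original post: correlate an .exe written over an admin share with a service install of the same file name on the same host. The events are constructed; the field names follow Windows Security event 5145 and System event 7045, and the admin-share names and two-minute window are assumptions.

```python
from datetime import datetime, timedelta
import ntpath

WINDOW = timedelta(minutes=2)    # assumed correlation window
ADMIN_SHARES = ("admin$", "c$")  # assumption: the copy goes over an admin share

# Constructed sample events (not real logs); fields modelled on 5145 and 7045.
EVENTS = [
    {"time": "2009-05-20T10:00:01", "host": "PC-17", "id": 5145,
     "ShareName": r"\\*\ADMIN$", "RelativeTargetName": r"system32\examplesvc.exe",
     "SubjectUserName": "helpdesk", "IpAddress": "10.0.0.5"},
    {"time": "2009-05-20T10:00:03", "host": "PC-17", "id": 7045,
     "ServiceName": "ExampleSvc",
     "ImagePath": r"%SystemRoot%\system32\examplesvc.exe"},
    {"time": "2009-05-20T11:30:00", "host": "PC-22", "id": 5145,
     "ShareName": r"\\*\Public", "RelativeTargetName": r"docs\setup.exe",
     "SubjectUserName": "alice", "IpAddress": "10.0.0.9"},
    {"time": "2009-05-20T11:30:05", "host": "PC-22", "id": 7045,
     "ServiceName": "Updater", "ImagePath": r"C:\Program Files\Upd\upd.exe"},
]

def exe_name(path):
    """Lower-cased file name of a Windows path, ignoring quotes and arguments."""
    p = path.lower().strip().lstrip('"')
    end = p.find(".exe")
    if end != -1:
        p = p[:end + 4]
    return ntpath.basename(p)

def find_copy_then_service(events, window=WINDOW):
    """Return (host, user, source_ip, exe, service) for every service whose
    binary was written over an admin share on that host shortly before."""
    writes, hits = [], []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == 5145:
            share = ev["ShareName"].rsplit("\\", 1)[-1].lower()
            target = ev["RelativeTargetName"]
            if share in ADMIN_SHARES and target.lower().endswith(".exe"):
                writes.append((when, ev["host"], exe_name(target), ev))
        elif ev["id"] == 7045:
            image = exe_name(ev["ImagePath"])
            for w_time, w_host, w_exe, w_ev in writes:
                if (w_host == ev["host"] and w_exe == image
                        and timedelta(0) <= when - w_time <= window):
                    hits.append((ev["host"], w_ev["SubjectUserName"],
                                 w_ev["IpAddress"], image, ev["ServiceName"]))
    return hits
```
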

Seems like a long way to do things, right? Yeah, I guess it is… there is also something called WMI… but that needs special firewall exceptions (at least with the group policy that I am working with)… if you use WMI, then Win32_OperatingSystem or Win32_Process can be used… again, the Win32_OperatingSystem Win API Class does not let you standby or hibernate… so use process to do the rundll32 thing….

It took me ONE FULL FREAKING DAY to figure that out… (that and the fact that I almost had a fully functional WMI aspx page and then decided not to use that… and was then told to use psshutdown… and then continued and found out this 🙂 )

3rd day 🙂

