One Liners: Remote Commands
Terminate a disconnected terminal services session: rwinsta 0 /server:%server%
Remotely reboot machine: shutdown /m \\192.168.1.1 /r /t 0 /f
Copy entire folder and its contents from a remote source to local machine: xcopy /s \\remotecomputer\directory c:\local
Get server uptime: systeminfo /s <server> | find /i "boot time"
WMIC Remote Queries
Remotely determine logged in user: wmic /node:remotecomputer computersystem get username
List running processes: wmic /node:remotecomputer process list brief
Determine open shares: wmic /node:remotecomputer share list brief
Remotely display machine’s MAC address
wmic /node:machinename nic get macaddress
Remotely list running processes every second
wmic /node:machinename process list brief /every:1
Remotely display System Info
wmic /node:machinename computersystem list full
Disk drive information
wmic diskdrive list full
wmic partition list full
Bios info
wmic bios list full
List all patches
wmic qfe
Look for a particular patch
wmic qfe where hotfixid="KB958644" list full
Remotely List Local Enabled Accounts
wmic /node:machinename USERACCOUNT WHERE "Disabled=0 AND LocalAccount=1" GET Name
Start a service remotely
wmic /node:machinename service where name="lanmanserver" call startservice
sc \\machinename start lanmanserver
List services
wmic service list brief
sc \\machinename query
Disable startup service
sc config example start= disabled
List user accounts
wmic useraccount list brief
Enable RDP remotely
wmic /node:"machinename" path Win32_TerminalServiceSetting where AllowTSConnections="0" call SetAllowTSConnections "1"
List number of times a user logged on
wmic netlogin where (name like "%adm%") get numberoflogons
Query active RDP sessions
qwinsta /server:192.168.1.1
Remove active RDP session ID 2
rwinsta /server:192.168.1.1 2
Remotely query registry for last logged in user
reg query "\\computername\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultUserName