
Backdoor ways to reboot a Windows server

IT pro Rick Vanover shares a number of tricks for rebooting a server when you can't simply go to the Start Menu in Windows.

When you need to reboot a Windows server, you'll occasionally encounter obstacles to making that happen. For instance, if remote desktop services aren't working, how can you reboot the server? Here is a list of tricks I've collected over the years for rebooting or shutting down a system when I can't simply go to the Start Menu in Windows.

  • The shutdown.exe command: This gem will send a remote (or local) shutdown command to a system. Entering shutdown /r /m \\servername /f /t 10 will send a remote reboot to a system. Shutdown.exe is included with all modern Windows systems; in older versions, it was part of the Resource Kit. For more details, read this Microsoft KB article on the shutdown.exe command.
  • PowerShell Restart-Computer: The equivalent of the command above in PowerShell is:

    Start-Sleep 10
    Restart-Computer -Force -ComputerName SERVERNAME
  • Hardware management device: If a device such as an HP iLO or Dell DRAC is in use, there is a virtual power button and remote screen console tool to show the system's state regardless of the state of the operating system. If these devices are not configured with new servers, it's a good idea to have them configured in case the mechanisms within the operating system are not available.
  • Virtual machine power button: If the system in question is a virtual machine, all hypervisors have a virtual power button to reset the system. In VMware vSphere, be sure to select the option to Shut Down The Guest Operating System instead of Power Off; this calls VMware Tools to perform a clean shutdown. If that fails, the Power Off button will be the next logical step.
  • Console walkthrough: When the server administrator does not have physical access to the system, walking someone through the process may be effective. For security reasons, a single user account (domain or local) can be created with the sole permission of rebooting the server. The person on site logs on as this temporary user, and the account is deleted immediately after the local shutdown command is issued. Further, the temporary user could be created with a profile that runs the reboot script at logon, so the person assisting the server administrator does not have to interact with the system at all.
  • Configure a scheduled task through Group Policy: If you can't access the system in any other mainstream way -- perhaps the Windows Firewall is turned on and you can't get in to turn it off -- set a GPO to reconfigure the firewall state and slip in a reboot command in the form of the shutdown.exe command executing locally (removing the /m parameter from above). The hard part will be getting the GPO to deploy quickly.
  • Enterprise system management packages: Packages such as Symantec's Altiris and Microsoft System Center have agents that communicate with the management server and can receive a command to reboot the server.
  • Pull the plug: This is definitely not an ideal approach, but it is effective. For physical servers, if a managed power strip with port control is available, a single system can have its power removed and restored.
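
The two command-line methods at the top of the list can be wrapped in one function that also confirms the reboot took place. This is an added example, not code from the original article: it compares the server's boot time before and after the restart and reads Event ID 1074 from the System log, which records the account and process that requested it. The function name and timeout values are assumptions; SERVERNAME is the article's placeholder.

```powershell
# Added example (not from the article). SERVERNAME is the article's placeholder;
# the function name and the timeout values are assumptions.
function Restart-ServerVerified {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [int]$TimeoutSeconds = 600
    )
    if (-not $PSCmdlet.ShouldProcess($ComputerName, 'Forced restart')) { return }

    # Baseline: boot time as reported by the target itself, so clock skew does not matter.
    $before = (Get-CimInstance Win32_OperatingSystem -ComputerName $ComputerName -ErrorAction Stop).LastBootUpTime
    $issued = Get-Date
    try {
        # First choice: the article's PowerShell method.
        Restart-Computer -ComputerName $ComputerName -Force -ErrorAction Stop
        $method = 'Restart-Computer'
    } catch {
        # Fallback: the article's shutdown.exe command line.
        & shutdown.exe /r /m "\\$ComputerName" /f /t 10
        if ($LASTEXITCODE -ne 0) { throw "shutdown.exe failed with exit code $LASTEXITCODE" }
        $method = 'shutdown.exe'
    }

    # Poll until the target reports a newer boot time or the timeout expires.
    $after = $null
    $deadline = $issued.AddSeconds($TimeoutSeconds)
    while (-not $after -and (Get-Date) -lt $deadline) {
        Start-Sleep -Seconds 15
        $os = Get-CimInstance Win32_OperatingSystem -ComputerName $ComputerName `
                  -OperationTimeoutSec 10 -ErrorAction SilentlyContinue
        if ($os -and $os.LastBootUpTime -gt $before) { $after = $os.LastBootUpTime }
    }
    if (-not $after) { throw "$ComputerName reported no new boot time within $TimeoutSeconds seconds" }

    # Event ID 1074 (System log) names the account and process that requested the restart.
    $evt = Get-WinEvent -ComputerName $ComputerName -MaxEvents 1 -ErrorAction SilentlyContinue `
               -FilterHashtable @{ LogName = 'System'; Id = 1074; StartTime = $issued.AddMinutes(-5) }
    [pscustomobject]@{
        ComputerName = $ComputerName
        Method       = $method
        PreviousBoot = $before
        CurrentBoot  = $after
        Requested    = if ($evt) { $evt.Message } else { 'Event 1074 could not be read' }
    }
}

Restart-ServerVerified -ComputerName SERVERNAME -WhatIf   # dry run: reports the action only
```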

What other backdoor ways have you used to reboot a Windows server? Share your comments in the discussion.
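
For the console walkthrough approach in the list above, the temporary account only needs the "Shut down the system" user right (SeShutdownPrivilege); remote reboots are governed separately by "Force shutdown from a remote system" (SeRemoteShutdownPrivilege). The following added example, which is not part of the original article, lists who currently holds each right on a server so the temporary account can be checked before and after use. The function name and temp-file name are assumptions, and it must be run from an elevated prompt.

```powershell
# Added example (not from the article): list which accounts hold the two
# shutdown-related user rights. The temp-file name is an assumption.
function Get-ShutdownRightHolder {
    $rights = @{
        SeShutdownPrivilege       = 'Shut down the system'
        SeRemoteShutdownPrivilege = 'Force shutdown from a remote system'
    }
    $cfg = Join-Path $env:TEMP ("user-rights-{0}.inf" -f [guid]::NewGuid())
    try {
        # secedit exports the local security policy as an INI-style file.
        & secedit.exe /export /cfg $cfg /areas USER_RIGHTS /quiet
        if ($LASTEXITCODE -ne 0) { throw "secedit failed with exit code $LASTEXITCODE (not elevated?)" }

        foreach ($line in Get-Content -Path $cfg) {
            # Lines look like: SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-551
            if ($line -match '^\s*(Se\w+)\s*=\s*(.*)$' -and $rights.ContainsKey($Matches[1])) {
                $name    = $Matches[1]
                $entries = $Matches[2] -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
                foreach ($entry in $entries) {
                    $account = $entry
                    if ($entry.StartsWith('*')) {
                        # Entries prefixed with '*' are SIDs; resolve them to names where possible.
                        $sid = [System.Security.Principal.SecurityIdentifier]::new($entry.TrimStart('*'))
                        try   { $account = $sid.Translate([System.Security.Principal.NTAccount]).Value }
                        catch { $account = $sid.Value }   # orphaned or unresolvable SID
                    }
                    [pscustomobject]@{ Right = $name; Meaning = $rights[$name]; Account = $account }
                }
            }
        }
    } finally {
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
}

Get-ShutdownRightHolder | Sort-Object Right, Account | Format-Table -AutoSize
```

An account that still appears in this output after the walkthrough is finished means the temporary user or its right assignment was not cleaned up.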

About

Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.

28 comments
noxigen

A tool called System Frontier lets you centrally delegate rights to reboot servers using role-based access control. It's very easy to set up and maintain. http://systemfrontier.com

h_guinez

You can also send a taskkill to one of the core processes of Windows (to svchost for example). This will display an error message to the server telling you that it will restart in 60 seconds and force it to reboot. Maybe sending the taskkill to lsass.exe also will work, but I don't remember very well. taskkill -s -im svchost.exe -f Remember, with this you're forcing an error to occur.

info

An Easy Shutdown command line is:- click on run and type shutdown /i. You can do this through the command prompt as well. You will get a GUI and you can add an IP address or the computer's name. You can select to alert users of the machine or just kill the machine with no warning. I find this the easiest way as long as you have remote access to a PC on the network.

michel

because if it is not battery-backed, you risk having to rebuild the whole volume at first backup..

rcfoulk

Go to a server DOS command window and type in "shutdown /?" to view the options. I use this a lot and it is helpful for remote administration. However, some of your parameter descriptions are not quite correct.

Minion

We have some PCs that frequently won't respond to shutdown or logoff commands. Wizmo from GRC.com is great. Create a shortcut to Reboot, Logoff, Shutdown, hibernate, standby, lock, or blindlock (interesting feature). Also has "Do it NOW" option for stubborn processes that won't close. Now I use it on all PCs and servers.

nonimportantname

when using the shutdown.exe for stubborn server processes that simply will not croak when the command is issued. I'll have to try out the sysinternals command, never thought about it. Nice info.

d_blair

1. Configure the OS to react to the power button being pressed by shutting down. That way when you phone the caretaker/janitor he doesn't even have to log on, just press once to shut down, then again to start up again. 2. If the system has a BMC like many do these days, you can send "ipmitool power soft" to emulate the power button being pressed.

Sean Morgan

1. Open Computer Management (Local) (e.g., right-click My Computer > Manage)
2. In the console tree, right-click Computer Management (Local), and then click Connect to another computer.
3. In the Select Computer dialog box, click Another computer, type the name of the computer that you want to restart or shut down, and then click OK. You can also click Browse to search for the name of the computer.
4. In the console tree, right-click Computer Management (Remote computer name), and then click Properties.
5. On the Advanced tab, click Startup and Recovery.
6. Click Shut Down to open the Shut Down dialog box.
7. Under Action, select the actions you want to perform on the computer to which you are connected.
8. Under Force Apps Closed, select the circumstances under which you want to force applications to close when you shut down or restart the computer, and then click OK.

raymosely

Whenever I use remote Computer Management to shut down the Windows Firewall service on a Win 7 computer on a domain, I lose contact with that computer. Does the firewall default to total blocking when shut down on Win 7?

raymosely

I typically use shutdown -i from another machine. Used for rebooting workstations and servers. The -i switch opens an intuitive GUI.

nwallette

Press the power button. This should send an ACPI event to the OS for a graceful shutdown. I've noticed on Win2k3 at least that I have to press CTRL+ALT+DEL. As soon as the login window comes up, it'll start shutting down. In our case, the servers were all in a private data center protected by key cards, so the Shutdown button was enabled without logging in. This probably contributed to the success of this method. When we lost power (which happened relatively often), we could use the 5 min. of UPS time to KVM between servers, hit the power button, and give them the salute before running out of battery power.

jkiernan

Occasionally, our main ERP app would crash on the terminal server and be inoperable until a reboot. I wrote an ASP page on the company intranet to allow a remote reboot. The Win32Shutdown WMI class method is quite handy.

robo_dev

The tricky part can be how to bounce the power to the server. Personally I've used either the APC master-switch or a Trendnet power controller. The company called Dataprobe makes a product called 'iboot' that does the same thing. The APC master-switch is a nice rack-mount eight-outlet power controller with a nice web interface. You can buy them used on eBay for less than $100. For those on a 'beer budget' it's possible to put together an X10-based solution for around $40, but it requires a separate PC to run for the X10 controller app.

Cmd_Line_Dino

pskill csrss or pskill \\server csrss (pskill from SysInternals) as a last resort when all the other methods are not working. The system will bluescreen and if properly configured reboot. I prefer this to an abrupt power cycle which just might fail to power on.

jruby

But then, they have a tool for everything :). PSShutdown works a lot like the shutdown command but has some additional control that can be useful. I think the PSTools suite is the best set of applications MS ever bought!

famigorena

RemoteExec enables you to remotely power off, reboot or shutdown Windows systems, wake up computers equipped with Wake-On-LAN technology and lock or close user sessions: http://www.RemoteExec.com

jakesty

I use SHUTDOWN all of the time, but I don't use the '/' I use a '-' dash or minus sign. ex. shutdown -f -r -m \\SERVER -t 01

b4real

So, it is good to have a good resource of all the different ways to "GET R DUN"

JamesRL

About 15 years ago, I set up a network of kiosks. To remote reboot, we installed a telephone line and an X10 controller that would answer a phone call. We programmed it with a PIN; you would call, enter your PIN, and then it would drop the power and bring it back up 30 seconds later. Saved us many service calls.

drbayer

This is clever, but being configured to reboot on blue screen is not necessarily proper configuration, although it is the default configuration. Depending on the system in question I have been known to disable this for analysis purposes.

tsadowski

Those of us that have been around for a while may remember the malware that killed lsass.exe, causing the system to reboot. I was recently faced with a system that steadfastly refused to reboot, shutdown, or even log off, completely ignoring that I issued the commands, either from start, ctrl-alt-delete, and shutdown.exe. So I used pskill to terminate the lsass.exe process, effectively issuing a reboot command with 30 second timeout. One could also issue this command or any other command-line commands by using psexec to launch cmd.exe over the wire.

drbayer

If you need it, you can demonstrate your remote-admin kung-fu using psexec. Use it to start a command shell on the remote machine, and you can modify the firewall rules on the remote machine from the command line. I've used it to allow remote management, remote desktop, and similar tools when I needed to.

wdewey@cityofsalem.net

PS tools is a very capable tool suite and it is very handy that they are free! Bill

CharlieSpencer

My apologies for hitting the spam button. The above post is clearly on topic.
