Stefan G. Weichinger
2020-Dec-16 09:55 UTC
[Samba] Shutting down a remote PC via "net rpc"
Am 14.12.20 um 19:17 schrieb Stefan G. Weichinger via samba:> > > customer runs a Windows 2019 DC in Subnet 192.168.0.0/24, Domain "ourdom" > > - > > Samba 4.9.5-Debian as domain member, in same subnet. Works fine. > > - > > The kid's PC is domain member in a separate VLAN "kids" ;-) > > The wish: a cron job should shut down that kids PC every 5 minutes > between X and Y o'clock. > > The following bash script failed with "could not initialise pipe > \winreg. Error was NT_STATUS_OBJECT_NAME_NOT_FOUND" > > while the same command *worked* when executed in the shell. > > I now enforced the "Remote Registry" service on the kids PC. > > when I run it via bash script: > > "Shutdown of remote machine failed" > > 5 seconds later as shell command: > > "Shutdown of remote machine succeeded" > > Any ideas, why? Why not? > > login shell vs. non-login shell? > env variables? > > I am also happy if anyone points me to something more modern or elegant: > > define it in a GPO on the DC? ... or anything like that. > > -> script: > > # cat pc_shutdown_schedule.sh > > #!/bin/bash > > > > net rpc shutdown -C "PC-Zeit ist von Montag bis Freitag von 16.00 Uhr > bis 18.30 Uhr. Am Wochenende von 9.00-11.00 und von 17.00 bis 18.30 Uhr. > PC f?hrt in wenigen Sekunden herunter." -t 60 -f -I 192.168.3.99 -U > 'administrator%Something67//' -W ourdom*bump*
On 16/12/2020 09:55, Stefan G. Weichinger via samba wrote:> Am 14.12.20 um 19:17 schrieb Stefan G. Weichinger via samba: >> >> >> customer runs a Windows 2019 DC in Subnet 192.168.0.0/24, Domain >> "ourdom" >> >> - >> >> Samba 4.9.5-Debian as domain member, in same subnet. Works fine. >> >> - >> >> The kid's PC is domain member in a separate VLAN "kids" ;-) >> >> The wish: a cron job should shut down that kids PC every 5 minutes >> between X and Y o'clock. >> >> The following bash script failed with "could not initialise pipe >> \winreg. Error was NT_STATUS_OBJECT_NAME_NOT_FOUND" >> >> while the same command *worked* when executed in the shell. >> >> I now enforced the "Remote Registry" service on the kids PC. >> >> when I run it via bash script: >> >> "Shutdown of remote machine failed" >> >> 5 seconds later as shell command: >> >> "Shutdown of remote machine succeeded" >> >> Any ideas, why? Why not? >> >> login shell vs. non-login shell? >> env variables? >> >> I am also happy if anyone points me to something more modern or elegant: >> >> define it in a GPO on the DC? ... or anything like that. >> >> -> script: >> >> # cat pc_shutdown_schedule.sh >> >> #!/bin/bash >> >> >> >> net rpc shutdown -C "PC-Zeit ist von Montag bis Freitag von 16.00 Uhr >> bis 18.30 Uhr. Am Wochenende von 9.00-11.00 und von 17.00 bis 18.30 >> Uhr. PC f?hrt in wenigen Sekunden herunter." -t 60 -f -I 192.168.3.99 >> -U 'administrator%Something67//' -W ourdom > > *bump* > > >Never done this, but does the user you are running the crontab by have the SeRemoteShutdownPrivilege ? Also, you may have to use the full path to 'net' Rowland
On 16/12/2020 09:55, Stefan G. Weichinger via samba wrote:> Am 14.12.20 um 19:17 schrieb Stefan G. Weichinger via samba: >> >> >> customer runs a Windows 2019 DC in Subnet 192.168.0.0/24, Domain >> "ourdom" >> >> - >> >> Samba 4.9.5-Debian as domain member, in same subnet. Works fine. >> >> - >> >> The kid's PC is domain member in a separate VLAN "kids" ;-) >> >> The wish: a cron job should shut down that kids PC every 5 minutes >> between X and Y o'clock. >> >> The following bash script failed with "could not initialise pipe >> \winreg. Error was NT_STATUS_OBJECT_NAME_NOT_FOUND" >> >> while the same command *worked* when executed in the shell. >> >> I now enforced the "Remote Registry" service on the kids PC. >> >> when I run it via bash script: >> >> "Shutdown of remote machine failed" >> >> 5 seconds later as shell command: >> >> "Shutdown of remote machine succeeded" >> >> Any ideas, why? Why not? >> >> login shell vs. non-login shell? >> env variables? >> >> I am also happy if anyone points me to something more modern or elegant: >> >> define it in a GPO on the DC? ... or anything like that. >> >> -> script: >> >> # cat pc_shutdown_schedule.sh >> >> #!/bin/bash >> >> >> >> net rpc shutdown -C "PC-Zeit ist von Montag bis Freitag von 16.00 Uhr >> bis 18.30 Uhr. Am Wochenende von 9.00-11.00 und von 17.00 bis 18.30 >> Uhr. PC f?hrt in wenigen Sekunden herunter." -t 60 -f -I 192.168.3.99 >> -U 'administrator%Something67//' -W ourdom > > *bump* > > >net rpc shutdown -C "MESSAGE" -t 60 -f -I HOSTNAME -UAdministrator%'PASSWORD' -W DOMAIN Works for me here from the command line, from a bash script and the same script from cron. The tested PC is Windows 10 Ent. The only quoting used is on the password as it contains a pipe sign, amongst other non alphabetics. Mike. -- Michael Howard