Builtin NT (and 2000/2003/XP) remote access


There have been a few times when I needed to get to some files or run some jobs on a Windows (NT/2000/2003/XP) machine and had administrative access on the domain but VNC/Remote Desktop enabled on the machine; these times would often result in me driving to the site to do some tinkering for a short period of time followed by another drive back. After some time, I learned to use the built-in NT network services to my advantage. The first step in gaining access to a machine is to authenticate with the machine via the ipc$ share to gain access to further NT services:

NET USE IPC$ /user:

Next, we can browse/modify files on the remote machine by doing:

COPY C$somefile someotherfile

At this point, we can copy something like VNC onto the machine and then we can add a registry entry remotely (this can sometimes also be done by using REGEDIT and connecting to a remote registry) using the REGINI command:

REGINI -m ip file_to_add.ini

Finally, we can reboot the machine using shutdown (sloppy method) or use AT (and Scheduler) to schedule a service start:

SHUTDOWN -m ip /R /Y /T:0 /C


NETSVC ip schedule /start

AT ip ""

(NET TIME ip will tell you what the time on that machine currently is.)

There is the possibility for mischief here, but these tools also come in pretty handy when driving out to the machine is just too much of a pain in the ass.
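For the defender's view of the sequence above (admin-share access followed by a scheduled job), here is an added example, not part of the original post, that correlates the two over constructed log records. It assumes a newer Windows auditing setup than the NT-era systems discussed here, with Security events 5140 (network share accessed, "Audit File Share") and 4698 (scheduled task created, "Audit Other Object Access Events") being collected; the record layout and the `find_chains` function are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Matches administrative shares such as \\*\C$ or \\*\ADMIN$, but not \\*\IPC$.
ADMIN_SHARE = re.compile(r"\\(?:[A-Z]|ADMIN)\$$", re.IGNORECASE)

# Constructed sample records (not real logs). "id" is the Security event ID;
# the flat dict layout is an assumption made for this example.
EVENTS = [
    {"time": "2024-05-01T09:00:05", "host": "FS01", "id": 5140,
     "user": "CORP\\admin1", "ip": "10.0.0.23", "share": r"\\*\IPC$"},
    {"time": "2024-05-01T09:00:40", "host": "FS01", "id": 5140,
     "user": "CORP\\admin1", "ip": "10.0.0.23", "share": r"\\*\C$"},
    {"time": "2024-05-01T09:03:10", "host": "FS01", "id": 4698,
     "user": "CORP\\admin1", "task": "\\At1"},
    {"time": "2024-05-01T10:00:00", "host": "FS02", "id": 4698,
     "user": "CORP\\jdoe", "task": "\\Defrag"},       # no share access first
    {"time": "2024-05-01T08:00:00", "host": "FS03", "id": 5140,
     "user": "CORP\\admin1", "ip": "10.0.0.23", "share": r"\\*\ADMIN$"},
    {"time": "2024-05-01T11:00:00", "host": "FS03", "id": 4698,
     "user": "CORP\\admin1", "task": "\\Cleanup"},    # three hours later
]

def find_chains(events, window=timedelta(minutes=15)):
    """Return (host, user, source_ip, task) for every scheduled task created
    within `window` after the same account opened an admin share on that host."""
    last_share = {}  # (host, user) -> (time, source ip) of latest admin-share access
    hits = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        key = (ev["host"], ev["user"].lower())
        if ev["id"] == 5140 and ADMIN_SHARE.search(ev.get("share", "")):
            last_share[key] = (when, ev["ip"])
        elif ev["id"] == 4698 and key in last_share:
            seen, ip = last_share[key]
            if when - seen <= window:
                hits.append((ev["host"], ev["user"], ip, ev["task"]))
    return hits

if __name__ == "__main__":
    for hit in find_chains(EVENTS):
        print("admin share then scheduled task:", hit)
```

Event 4698 carries no source address, so the pairing relies on host, account and time; the window trades missed slow sequences against noise from routine administration.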
