Remote Administration


NTUtils programs may be run on the local machine, or they may be run against a remote machine. The remote machine does not require NTUtils to already exist on that machine.

When using NTUtils programs for remote administration, the machine on which the command is invoked is called the source computer, and the machine on which the command is executed is called the target computer. The source computer will copy the NTUtils program to the target computer and remotely invoke it.

Common Options

For consistency, all NTUtils programs accept the same options for remote administration:

-c [ --computer ] arg
-u [ --username ] arg
-p [ --password ] [arg]

If no user name or password is specified, the NTUtils program will attempt to log in using the default credentials. If a user name but no password is specified, the NTUtils program will attempt to log in using the default password associated with that user name.

The username and password should be for an account in the Administrators group. To be precisely correct, this is not actually required, but they do have to be for an account that allows network logins and installation and control of services - which by default is only the members of the Administrators group.

Security Note: Be aware that specifying a password on the command line makes it available to be easily seen by other programs.


The source computer may be running any NT-based OS.

The target computer has more complicated OS requirements: it may be running Windows NT 4, Windows 2000, or Windows 2003 Server. The target computer may not be running Windows XP Home. The target computer may be running Windows XP Professional if that computer is either a member of a domain or has turned off "simple file sharing".

Remote administration becomes complicated with Windows XP because of simple file sharing. Simple file sharing means that every user logging into that machine (via Windows Networking) over the network only receives Guest authentication instead of their actual user authentication. Since Guest users cannot run arbitrary programs remotely, NTUtils programs will fail. This "feature" is enabled by default in Windows XP Professional and cannot be disabled at all in Windows XP Home.

Networks and Network Logons

In Windows networks, a user is only supposed to log onto a remote machine once. The logon creates a network session, and then network connections are established using that session. (In reality, it is possible to have two network sessions to the remote computer if you use the computer name for one session and the computer IP address for the other). Creating a network connection with a different username than an existing session will result in an error.

A user may initiate a network session with a remote computer by establishing a network connection to the IPC$ share. This can be done with the command line net use \\COMPUTER_NAME (remember to escape the backslashes if you're using the Cygwin shell). The net use program will prompt for a username and password if necessary. NTUtils programs will recognize pre-existing network connections; the following bullet points define the behavior of NTUtils programs in every network connection scenario:

This predictable behavior of NTUtils programs allows for two common remote administration strategies:

How It Works

When an NTUtils program is instructed to run against a target computer, it will perform the following steps in order to execute remotely:

  1. Log in to the target computer, if necessary. Specifically, use Windows Networking to add a non-redirected network connection to \\computer\IPC$. IPC$ is a standard Windows share used for network logins.
  2. Copy the NTUtils program to the target computer. Specifically, do a normal CopyFile to \\computer\ADMIN$, renaming the file slightly. ADMIN$ is another standard Windows share that points to the base Windows directory, e.g., c:\windows or d:\winnt. The file name is not exactly the same to avoid conflicts in case a user has placed the NTUtils program in their Windows directory (which is not a recommended practice, BTW).
  3. Install the NTUtils program on the target computer as a service, and start it. This is done using the remote administration capabilities of the Service Manager API.
  4. The NTUtils program, when running as a service, will create a named pipe and wait for a connection.
  5. The NTUtils program on the source machine will connect to that named pipe and send the commands.
  6. The target NTUtils program performs the requested action, and reports any results back to the source NTUtils program.
  7. The source NTUtils program prints the results of the remote action.
  8. Cleanup, of course. Uninstallation of the service and deletion of the file on the target machine, and cancelling the network connection to \\computer\IPC$.

When It Messes Up

It is possible that some part of the NTUtils program will not properly operate when running remotely. However, all of the remote administration support code is designed to automatically recover from such failures or crashes. When an NTUtils program detects an improper pre-existing state, it will output a warning and continue; for example, when installing the service on the target machine, if the service is already installed, the NTUtils program will output a warning and then continue as though it had installed it (attempting to uninstall it when complete).

Possible causes for this type of failure include manual intervention, network errors, and multiple operators running the same NTUtils program remotely against the same target computer at one time. In this latter case, probably only one of the operators will see any warning or error messages, and there would be no lingering effects after both programs complete. It is possible in this situation that one of the programs will fail.


All passwords are sent only to the Windows Networking (WNet) API; they are not sent in cleartext over the network connection.

The NTUtils program's commands and responses are sent in cleartext. This may be changed in a future version.

Impersonation is used by the named pipe server, to ensure that no other program connecting to that named pipe may use it for a malicious purpose.