PowerShell takes the functionality of batch scripts to the next level and allows you to Remotely Lock & Shutdown computers using PowerShell.
The following needs to be run on each computer if using a workgroup setup. or changed in your AD security policy (to make it permanent – which isn’t advisable without signing the script)
https://www.howtogeek.com/117192/how-to-run-powershell-commands-on-remote-computers/
Enable-PSRemoting
Set-executionpolicy unrestricted
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "192.168.1.250" -Force
Get-Item WSMan:\localhost\Client\TrustedHosts
Restart-Service WinRM
The above does the following:Enable-PSRemoting
sets up the policies and firewalls to allow remote connections using powershellSet-executionpolicy unrestricted
changes the local execution policy to allow execution of all scripts (not just signed)Set-Item WSMan:\localhost\Client\TrustedHosts -Value "192.168.1.250" -Force
Adds server IP into the trustedhosts to allow executionRestart-Service WinRM
restarts windows remote management service
We are assuming that your server IP is 192.168.1.250, change as appropriate
Now to the actual shutdown code that will be run from our “Server”:
Function Get-MyCredential{
param(
[string]$username,
[string]$password
)
$secStr = new-object -typename System.Security.SecureString
$password.ToCharArray() | ForEach-Object {$secStr.AppendChar($_)}
return new-object -typename System.Management.Automation.PSCredential -argumentlist $username,$secStr
}
Function Lock-Machine{
param(
$machineName
)
& winrm set winrm/config/client `@`{TrustedHosts = `"$machineName`"`}
Invoke-Command -ComputerName $machineName -ScriptBlock { tsdiscon.exe console } -Credential (Get-MyCredential User Pa$W0rd)
}
Function Hibernate-Machine{
param(
$machineName
)
& winrm set winrm/config/client `@`{TrustedHosts = `"$machineName`"`}
Invoke-Command -ComputerName $machineName -ScriptBlock { &"$env:SystemRoot\System32\rundll32.exe" powrprof.dll,SetSuspendState Hibernate } -Credential (Get-MyCredential Administrator password)
}
Lock-Machine "192.168.1.84"
#Lock-Workstation "NameOfTheComputer" (Get-Credential)
Stop-Computer -ComputerName 192.168.1.85 -Force -Credential (Get-MyCredential User Pa$W0rd)