Remote connection to Windows (using rcmd)

I was recently looking for a remote command utility which would enable me to run various commands on other Windows boxes. That's when I came across Remote Command (rcmd: https://www.microsoft.com/MSPress/books/1394.asp).

I remember rcmd being provided on Unix machines. (The man page for rcmd states: "The rcmd() function is used by the super-user to execute a command on a remote machine using an authentication scheme based on reserved port numbers.") The difference in the Windows command is that you don't need to be super-user: if you have valid accounts on both machines and they are connected over a network, you can use this.

 

Advantages:

    It allows me to run all commands just as if I am at the DOS prompt. Setting up was very easy. (Refer: https://www.windowsitpro.com/Windows/Article/ArticleID/40048/40048.html)

   STDOUT and STDERR were redirected easily and I had no issues getting logs at either my controller or client machines.

   It uses default credentials if none are provided, so usage is hands-off and very maintenance-friendly.

Disadvantages:

   Since RCMDSVC (the service part which runs on each client) uses LOCAL SYSTEM credentials, it doesn't have any rights by default to use network resources. Of course, there might be a way to circumvent this by running the service under different credentials (say, a user login), but I haven't tried that. Of course, companies should be disabling the rights that allow services to be run under different credentials, to control migration of data.

   I have also seen RCMDSVC dying, hence it is a good idea to have the service restart when it stops as a default option.
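
One way to act on both points above from an elevated PowerShell prompt on a client machine, as an added example that is not part of the original post or the resource kit. It assumes the service is registered under the name RCMDSVC used in this post, and the restart delay and reset period are illustrative values.

```powershell
# Added example. Assumption: the service is registered as 'RCMDSVC' (the name
# used in the post); pass -ServiceName if your install uses a different name.
param([string]$ServiceName = 'RCMDSVC')

$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) {
    throw "Service '$ServiceName' is not installed on this machine."
}

# Report how the service is configured. LogonAs is the account the service
# runs under; LocalSystem has no rights to network resources by default.
[pscustomobject]@{
    Name      = $svc.Name
    State     = $svc.State
    StartMode = $svc.StartMode
    LogonAs   = $svc.StartName
}

# Flag a service that has been moved to another account, since every remote
# command then runs with whatever that account can reach.
if ($svc.StartName -ne 'LocalSystem') {
    Write-Warning "$ServiceName runs as '$($svc.StartName)', not LocalSystem; review that account's rights."
}

# Recovery options: restart 60 seconds after each of the first three failures,
# and reset the failure counter after one day (86400 seconds).
# sc.exe expects the space after 'reset=' and 'actions='.
& sc.exe failure $ServiceName reset= 86400 actions= restart/60000/restart/60000/restart/60000
if ($LASTEXITCODE -ne 0) {
    throw "sc.exe failure exited with code $LASTEXITCODE"
}

# Print the recovery settings that are now in effect.
& sc.exe qfailure $ServiceName
```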