How to remotely restart NT server with port 139

                  Recently, many friends have asked me: If the remote management software is broken on NT machine, how can it be restarted? In fact, if the server's port 139 is open, restarting is very simple, the steps are as follows:

1, net use \\\\xxx.xxx.xxx.xxx\\ipc$ password /user:username
Create an IPC session
2, net use H: \\\\xxx.xxx.xxx.xxx\\c$
Map the other party's C drive to its own H drive

3, copy con h :\ eboot.bat
iisreset /reboot
CTRL+Z
A file that can restart the computer is generated on the other party's C drive

4, net time \\\\xxx.xxx. Xxx.xxx
Get the other party's time

5, at \\\\xxx.xxx.xxx.xxx The time to restart c:\ eboot.bat
The time to restart is equal to the time of the other party plus Minutes

6, at \\\\xxx.xxx.xxx.xxx
Look at the task plus no

7, etc...
above The three steps are only for WIN2K. If it is NT, you need to use a specific restart program. We can write a reboot.exe instead of reboot.bat. The principle is very simple. The code is as follows:
#include "stdio .h"
#include "windows.h"
int main()
{
//Define the time when the restart Message to all users
LPSTR msg="Reboot Tool By Lion Hook\ http://www.xici.net";
//Try to restart with the simplest API function
if(ExitWindowsEx (EWX_REBOOT, 0)) return TRUE;
if(ExitWindowsEx(EWX_REBOOT EWX_FORCE, 0)) return TRUE;
//Because the above restart is unsuccessful, you need to adjust the privileges of this process
HANDLE hToken
TOKEN_PRIVILEGES tkp;
if (!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES TOKEN_QUERY, &hToken)) return FALSE;
//Get the restarted privilege SE_SHUTDOWN_NAME
LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME, &tkp.Privileges[0].Luid);
tkp.PrivilegeCount = 1;
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, (PTOKEN_PRIVILEGES) NULL, 0);
//Determine whether the NT kernel or 9x kernel, select In a different way
if(!(GetVersion() & 0x80000000))
InitiateSystemShutdown(NULL, msg, 20, TRUE, TRUE);
else if (!ExitWindowsEx(EWX_REBOOT, 0)) < BR> if(!ExitWindowsEx(EWX_REBOOT EWX_FORCE, 0))
return FALSE;
return TRUE;
}