|
|||
|
|
|
| Home |
| About |
| Hobbies |
| Software |
| Hardware |
| ICT Hotlist |
| Purpose |
React:
ICT-Hotlist Topic
Back to the ICT-Hotlist...Disable a Windows (server) system.
Disable a Windows System remotely
Have you found a virus running on a computer but the antivirus is working hard to contain it? You advised the employee to shut down the computer immediately but noticed the computer has restarted giving red notifications on your antivirus dashboard again? Use this trick to remotely disable a Windows system so the user can not start up the system again and must return it to the ICT-department or local support.Pre Windows Vista
On Windows server 2003 and Windows server 2003 r2 (and Windows XP) you could disable a server by removing the NTLDR file from the C:\ root folder. Once the NT Loader file was removed by an administrator, the system will not boot.Windows Vista and newer
With Windows Vista and Windows server 2008 Microsoft introduced a new boot management system, so this trick will not work any more.Disable boot of a Windows server 2008/2012/2016/2019/2022 and Vista/7/8/10 and newer operating system
Warning: Use these steps at your own risk. Disabling Windows to boot makes the system unusable unless repaired using CD/DVD media
or WDS.
Windows bootmanager
Windows server 2008r2/2012R2/2016/2019/2022 and Windows 7, 8.1, 10 newer use the new bootmanager to describe the diskpartitions and operating systems to load. These partitions can be viewed by entering the command (admin rights required):
bcdedit
Next you have to remove all the partition references by using the command:
bcdedit /delete <Partition ID> /f
An actual example with the shutdown command issued:Warning: Use these steps at your own risk. Disabling Windows to boot makes the system unusable unless repaired using CD/DVD media
or
WDS.
C:\>bcdedit
Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-us
inherit {globalsettings}
default {default}
resumeobject {14f34e48-37c6-11e0-a3cd-d85edc162383}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30
Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \windows\system32\winload.exe
description Windows Server 2008 R2
locale en-us
inherit {bootloadersettings}
osdevice partition=C:
systemroot \windows
resumeobject {14f34e48-37c6-11e0-a3cd-d85edc162383}
nx OptOut
detecthal Yes
C:\>bcdedit /delete {default} /f
The operation completed successfully.
C:\>bcdedit /delete {bootmgr} /f
The operation completed successfully.
C:\>shutdown /s /t 00 /f
Warning: Remember to wipe or destroy data disks. This procedure only disables the booting of a system, the disks retain all the (privacy sensitive)
data.
Enterprise Mobile Device Management
If you have Intune, Workspace One, Endpoint Management or another MDM you can wipe or retire a device and install it again.
You may vote your opinion about this article:
Scripts and programming examples disclaimer
Unless stated otherwise, the script sources and programming examples provided are copyrighted freeware. You may modify them, as long as a reference to the original code and hyperlink to the source page is included in the modified code and documentation. However, it is not allowed to publish (copies of) scripts and programming examples on your own site, blog, vlog, or distribute them on paper or any other medium, without prior written consent.Many of the techniques used in these scripts, including but not limited to modifying the registry or system files and settings, impose a risk of rendering the Operating System inoperable and loss of data. Make sure you have verified full backups and the associated restore software available before running any script or programming example. Use these scripts and programming examples entirely at your own risk. All liability claims against the author in relation to material or non-material losses caused by the use, misuse or non-use of the information provided, or the use of incorrect or incomplete information, are excluded. All content is subject to change and provided without obligation.
