Beyond Logic

BeyondExec - Spawn Processes and/or
Shutdown Remote Windows NT/2000/XP WorkStations.

Have you ever wanted to run a process such as an application installer/setup, service pack, virus definition update etc on a group of target computers without having the burden of installing any remote client on your target computers?

Perhaps you have needed to Shutdown, Powerdown, Reboot, Suspend, Hibernate, LogOff or Lock a large number of workstations at the one time or at certain times from a scheduler and give the user notice and the ability to cancel the operation beforehand?

BeyondExec offers the following flexibility -
  • General
    • Zero set-up time. Simply run the single 110kb utility from the command line.
    • Omits the need to install client software on remote machines.
    • Secure. No open TCP/IP ports - utilises already existing SMB named pipes to minimise security risks.
    • Works with a single remote computer or groups of multiple remote computers.
    • Multiple computer support is handled by multi-threaded routines speeding up the issuing of jobs.
    • Command line utility allowing scripting and automation of tasks from batch files or schedulers.
    • Each workstation allows 3 simultaneous sessions.
    • Supports renamed Administrator accounts & renamed Administrators groups for added security.
  • Run Remote Processes
    • Allows processes to run in either the system or administrator's account.
    • Can allow or deny processes the right to interact with the logged on user (Desktop).
    • Ability to run processes with Above Normal, Below Normal, High Priority, Idle, Normal priorities.
    • Push Windows Hot Fixes/Service Packs/Virus Definition updates out to remote computers etc.
    • Use with the Command Line Process Viewer to View, Kill, Suspend or adjust the priorities of processes on remote computers.
    • or Use with the Console Computer Information Utility for 2000/XP to view/log Specifications of Remote Computers.
    • Option to terminate rogue processes after a specified number of seconds.
  • Remote Shutdown
    • Ability to shutdown groups of computers (for example at close of business to save on power.)
    • User can be given notification of shutdown and the option of cancelling (if permitted - Default).
    • Shutdown dialog will appear on active window, should it be the login window, login screen saver, logged in users desktop, or on a locked workstation.
    • The shutdown process will be identical regardless if a user is logged in or not.
    • A process can be executed prior to shutdown. E.g. you could gracefully shutdown important programs (open databases) using the Command Line Process Viewer before forcing a shutdown on less important applications.
    BeyondExec V2.05 - Spawn Remote Processes on Windows NT/2000/XP WorkStations.
    Copyright(C) 2002-2003
    Usage: terminal \\computer [-options] [program/arguments]
            -u    Administrator Account Name on Remote Machine.
            -p    Administrator Password.
            -s    Use System Account.
            -i    Allow Process to Interact with Desktop.
            -t    Terminate Process after x Seconds.
            -q    Priority. Use {AboveNormal, BelowNormal, HighPriority,
                                 Idle, Normal, Realtime}
            -c    Copy File to Remote Computer before Executing. (Default Security)
            -cs   Copy File to Remote Computer before Executing. (Set Security)
            -w    Don't wait for Process to Finish, Return Immediately.
            -b    Bypass Remote Driver Checks. (Assumes Driver is Already Running.)
           Shutdown Options.
            -d    Down Computer, e.g. -d Shutdown.
                   Use {Shutdown|PowerOff|Reboot|Suspend|Hibernate|...
            -f    Force Applications to Terminate.
            -m    Message for Display to User.
            -l    Duration to Display Message for. Default is 60Sec
            -x    Prevent user from Cancelling Shutdown. (Grey Out Button)
            -n    Ignore Computers in Use.
           Multiple Computers
            -g    Use Multiple Computers Specified by a Group File.
            -r    Stop and remove the Beyondexec Driver on Remote Computers.
Executing remote processes

To execute a process on a remote machine the command line parameters takes on the following format

	beyondexec \\computer [-options] [program/arguments]

where \\computer is the name of the target computer followed by any switches and the program to be executed. Any switches or command line parameters after the specified program is assumed to belong to the remote process and will not effect the functioning of Beyondexec.

Alternatively you may have a requirement to run the same task on multiple computers. A group file can be specified containing the names of the computers you wish to target. In this case the command line takes on the following format,

	beyondexec -g computers.grp [-options] [program/arguments]

where computers.grp is a plain text file containing the name of each computer listed on a new line.

If a program or remote process is not specified, the command line interpreter (cmd.exe) is spawned allowing the user to access the remote computer simular to that of a telnet session. e.g.

	C:\>beyondexec \\neptune

	BeyondExec V2.05 - Spawn Remote Processes on Windows NT/2000/XP WorkStations.
	Copyright(C) 2002-2003
	[neptune] BeyondExec service already installed on remote machine.
	[neptune] Command Successfully Issued to neptune on Pipe 1.
	[neptune] Process started, ProcessID = 1444, ThreadID = 1440
	Microsoft Windows 2000 [Version 5.00.2195]
	(C) Copyright 1985-2000 Microsoft Corp.


	Volume in drive C is Win2k
	Volume Serial Number is E43E-47F3

	[neptune] Process terminated with exit code 0 after 00:00:23.922s

If beyondexec is not executed with in an account that has the same administrative username and password than on the remote computer, a standard windows networking dialog box will appear asking for a username and password for an account that has administrator rights on the remote computer. As this action will halt beyondexec until a password is entered, it is not suitable for batch jobs. For batch jobs a user account and password can be specified in clear text using the -u and -p switches.

Beyondexec defaults to running the process in the account it uses to connect. e.g. if you connect to the remote computer using the administrator account, the process will run in the administrator account on the remote machine. If there is a need to run the process in the context of the system account (NT AUTHORITY\SYSTEM) you can specify the -s switch. By default the process cannot interact with the desktop or user. Specifying -i allows the process to be interactive permitting the display of windows and dialogs. Care should be taken using this option as the currently logged in user can take control of the process which can be running at elevated system or administrative rights.

To prevent rouge processes from sitting zombie on remote machines, a timeout can be specified. If the process is still executing (perhaps waiting for user input etc) after this period it will be terminated. This option is specified using the -t switch followed by the number of seconds (Max Value 4,294,967,296 seconds ~136 years.) By default, Beyondexec will wait for a process to finish before returning control on the initiating computer. To prevent beyondexec from waiting for the process to finish, the -w switch can be used.

Quite often you may want to run a process which isn't installed or on the filesystem of the remote machine. One option is to use net use \\computer drive: to map a drive to an external location. Another option is to get beyondexec to copy the file to the remote computer for you. Specifying the -c switch will do just this, copying the file to \\[Computer]\ADMIN$\temp\ on the remote computer and executing it from this location. ADMIN$ is \winnt or \windows depending if you have Windows 2000 or Windows XP respectively.

Shutdown Options

The shutdown options can be used in conjunction with executing a remote process, or it can be specified as a standalone event. When specified with a process, the remote computer will attempt to shutdown/reboot/log off etc once the specified process terminates, or if the process exceeds the time period granted (-t). If a shutdown option is specified without a remote process, the shutdown event will occur immediately. This is useful for shutting down groups of computers.

The shutdown method is specified by the -d [action] switch. Valid options are shutdown, reboot, suspend, hibernate, logout and lockworkstation all case insensitive. The shutdown option will attempt to powerdown your computer should it support power management. The suspend and hibernate options only function as desired if your hardware and OS is set up to support it. The lock workstation option is included as some organisations have policies to lock workstations in the event of the fire alarm etc preventing the thief of sensitive data. LockWorkstation, Suspend & Hibernate functions are not supported on Windows NT 4.

The shutdown option will issue quit messages to applications causing them to ask to save files etc. Quite often some machines can be consumed with zombie processes which need a little more of a kick to kill them. If this is the case the -f switch can be used in conjunction with -d to force applications to cancel. This option should be used with caution to prevent losing un-saved work, but can guarantee the computer will successfully terminate any non responsive applications.

Beyondexec has a option to inform the user about the shutdown action in progress using the -m switch. This could include messages such as "A new virus definition file has been installed on your workstation. Please reboot your computer as soon as possible so these new signatures can take effect" or you could use a scheduler to send the "Due to large increases in electricity prices, staff are reminded to switch their computers of at night" message at 6pm each night. If the user has already gone home, but left their workstation on it would be shutdown to conserve power. Should a user be working back late, they can click the cancel button and continue working. Alternatively you may choose to add the -n switch which ignores computers which have logged on users. With this switch you can shutdown all your idle computers without annoying other users who are logged in.

The shutdown message is displayed to logged on users for a default of 60 seconds. This gives the user the option to cancel the shutdown and continue working. If no user is currently logged into the workstation, the dialog box will appear in front of the login screen so confusion doesn't occur if a user logs in and finds the workstation reboots during the log in process. The length of time the dialog is displayed for can be specified in seconds after the -l switch. If a zero is specified, the dialog box is inhibited and the shutdown action occurs immediately without the user granted the option of cancelling the action.

Are you looking for a simular shutdown utility for use with a scheduler on the local computer? If so, look no further than the Beyond Logic Shutdown Utility for NT/2000/XP. By popular demand, we have extracted the shutdown module of BeyondExec and placed it in it's own 45kb executable for standalone use. Just the thing to replace the shutdown.exe utility found in the Windows 2000 Professional Resource Kit or in Windows XP.

Running with Multiple Computers

With the introduction of BeyondExec version 2 comes support for multiple computers. Prior multi-computer support was limited to batch files which didn't multithread and consequently took long periods of time as each target machine was sequentially interrogated. Long delays were especially evident when interrogating machines that were switched off. The multithreading support in version 2 will talk to up to 10 computers simultaneously significantly speeding up group batch jobs.

Multiple computer support comes in the form of a group file. This is nothing more than a text file which includes the name of each computer on a new line. This gives the flexibility to have multiple group files such as accounts.grp, dispatch.grp or lab88.grp etc. Text files can also be stored with the Beyondexec executable on network drives which can be accessed at multiple workstations. Competing software often requires the use of a network browser to select each computer and saves it in the registry decreasing flexibility and portability between machines.


When BeyondExec is used with a remote computer for the first time, it copies and installs a service on this computer. This service is rexesvr.exe which can be found in /system32/. Should for any reason you want to remove this service from the remote computer you can use the -r option.

It can also be specified on the command line along with a process to execute. In this case, the service is installed, the desired application executed and the driver removed without a trace. Note however if you specify this option in conjunction with a shutdown action, then the driver will be stopped before the shutdown action can complete.

Permanent Installations

By default this service is not automatically started upon each boot. However in situations where it is frequently used, it may be permanently installed on the remote computer and scheduled to start on each boot. The -b switch can then be used to bypass the checking and installation of the driver saving time.

Trouble Shooting
    Communication with remote machines

    The InoculateIT virus scanner (versions 4.0, 4.5, 6.0 on WinNT, Win2000, WinXP) will effect the correct operation of outgoing named pipes on the host (initiating PC) causing a message simular to

    	[mars] Cannot open \\mars\pipe\beyondexec-dispatch
    	[mars] BeyondExec service not running on remote computer or
    	[mars] remote computer is unavailable.


    	[mars] Cannot open \\mars\pipe\beyondexec1-stdin
    	[mars] Error 0xE7 : All pipe instances are busy.

    The scanner doesn't effect the operation of the beyondexec service on the remote computers, thus the scanning of outgoing files can be suspended on the workstation/server you intend to initiate jobs from.

    This is a bug with InoculateIT. Computer Associates has released a driver patch for InoculateIT which fixes this named pipe handling bug. (You can use beyondexec to patch all your systems.)

    Missing ADMIN$ Shares

    When running BeyondExec for the first time on a specific computer I get the following message -

    	[mars] BeyondExec Service (rexesvr.exe) copy failed.
    	[mars] Error 0x35 : The network path was not found.
    	[mars] Cannot Start Service on Remote Computer
    	[mars] BeyondExec Service (rexesvr.exe) copy failed.
    	[mars] Error 0x43 : The network name cannot be found.

    BeyondExec uses the hidden ADMIN$ share to copy the rexesvr service to the remote machine. Some sites choose to remove this share for security purposes. Check that the hidden share ADMIN$ is present on the target computer.

    Locked Workstations

    When a workstation is locked, the shutdown, reboot and logout actions will not function correctly unless the -f (force applications to terminate) switch is specified. The suspend and hibernate actions will function correctly on a locked workstation. This is a problem associated with the ExitWindowsEx() API provided in Windows.

    Mapping Network Drives

    When using net use h: \\neptune\data /USER:Administrator Password to map a shared drive with beyondexec, the following error may result

    C:\>net use h: \\neptune\data /USER:Administrator Password
    System error 1312 has occurred.
    A specified logon session does not exist. It may already have been terminated.

    BeyondExec impersonates the administrator who connected to the service. As a result BeyondExec can impersonate the client's security context on the local system, however it cannot impersonate the client on remote systems. A solution around this to use the full domain\username. e.g.

    C:\WINDOWS>net use h: \\neptune\data /USER:neptune\Administrator Password
    The command completed successfully.

    Beyondexec runs in its own session, thus any network drives mapped by other users or in other sessions are not available. This is also true when the administrator is logged in and you are running with the same credentials.

    Powerdown on Windows NT 4 / Soft-Off

    Windows NT 4 can be made to switch itself off after shutdown should your computer supports power management. When Service Pack 6/6a is extracted you will find a hal.dll.softex file. If you replace \winnt\system32\hal.dll with a copy of this file, using -d poweroff with beyondexec will shutdown and poweroff your ACPI Windows NT 4 Workstation. Failure to replace the hal.dll will result in the poweroff action rebooting your Windows NT computer.

    Distributing Registry Keys : If I run <regfile>.reg nothing happens.

    If you try to add a registry file to the remote computer's registry using <regfile>.reg on the command line, registry editor is spawned an is waiting for the user to answer Yes or No to "Are you sure you want to add the information in <regfile>.reg to the registry?". To prevent this occurring you need to use the /S switch (Silent) with regedit. e.g. regedit /S <regfile>.reg

    When communicating with Remote Windows XP machines, BeyondExec will not accept the Administrator Password

    Please ensure the “Network access : Sharing and security model for local accounts” is set to “Classic – local user authenticates as themselves” This can be found in the Local Security Settings, Local Policies. Note that this policy is enabled to “Guest only – local users authenticate as guest” by default for a computer running Windows XP Professional that is joined to a workgroup.

    BeyondExec will not accept my blank Administrator Password

    	[mars] Establishing Connection . . .
    	[mars] Error 0x52F : Logon failure: user account restriction.

    This is normal operation on Windows Workstations with a blank Administrator Password. Windows will not allow a network connection if the password is blank. Please set your password to something more secure in order to use Windows Networking and hence BeyondExec.

    Example : How can I use Beyondexec to distribute Windows NT 2000 SP4?

    Running w2ksp4.exe /? brings up the following switches which can be used to help distribute the service pack.

    -u Unattended mode.
    -f Force other programs to close when the computer shuts down.
    -n Do not back up files for uninstallation.
    -o Overwrite OEM files without prompting.
    -z Do not restart when installation is complete.
    -q Quite mode (no user interaction).
    -l List installed hotfixes.
    -s:<dir> Intergrate Service Pack files into <dir>.
    -d:<dir> Back up files onto <dir>.

    The following command installs the Windows 2000 SP4 on the remote computers in quite mode. While we do not use beyondexec's -i switch to interactivity display the process on the users desktop, we ask the service pack to run in quite mode so it doesn’t prompting for input, effectively halting the process. We choose not to back up the files for un-installation and do not allow the service pack to reboot the computer. When the service pack reboots the computer the user gets no warning. Instead we get beyondexec to tell the user that the service pack has been installed on the computer and that it requires rebooting. This will initiate a count down giving the user 60 seconds to cancel the shutdown before the computer reboots. However if no user is present, e.g. after hours the computer will reboot to complete the service pack.

    c:\>beyondexec -g office.grp -c -d reboot -m "Service Pack 4 has been installed on your computer. 
    Could you please reboot you computer as soon as practically possible" g:\temp\w2ksp4_en.exe -q -n -z

    This command line copies the 132MB service pack to the remote computer before it is executed. After the service pack has been installed, beyondexec deletes the file from %system%\temp to free up this room. Depending upon your network, you may choose to install the service pack from a network drive.

    Example : How can I use Beyondexec to distribute Internet Explorer 6, SP1?

    The first set to installing Internet Explorer 6 SP1 is to customise the install to your site. This is done by downloading the Microsoft IEAK (Internet Explorer Administration Kit) 6. This allows the Administrator to set up policies, restrictions, proxy settings etc which will be installed for ALL users.

    As Internet Explorer doesn't come in a single file, you may choose to install it from a network drive. In this case create a batch file named ie6sp1.bat or simular and add the following lines :

    	net use z: \\<Server>\ie6sp1 /USER:<ServerDomain>\<Username> <Password>
    	z:\ie6setup /q

    If you run ie6setup /? it will display a number of switches you can use. /q is to install Internet Explorer in quite mode.

    Then you can use beyondexec to copy this batch file to the remote computer and start it running

    	beyondexec -g office.grp -cs ie6sp1.bat

    where office.grp contain the names of the computers you wish to distribute ie6 onto. The -cs sets the security of the ie6sp1.bat file so only the Administrator has rights to read and access the file.

    Beyondexec can only copy the one file to the remote workstations. How can I copy more?

    If you need to copy addition files to your remote computers you may consider using a batch file such as distribute.bat. Distribute.bat contains the following :

    	@echo off
    	For /F %%i IN (%1) DO xcopy /o %2 \\%%i\c$\%3

    and will read .grp files used with BeyondExec. To copy the folder c:\winnt\temp\setup to the same place on the multiple computers use :

     distribute computers.grp c:\winnt\temp\setup \winnt\temp\setup

    The batch file uses the C$ hidden share and assumes you have the same passwords across all workstations.


  • Version 2.05, 47K bytes. (Freeware)
    • Revision History
      • 20th September 2003 - Version 2.05
        • Removed problem preventing UNC paths being used to execute programs.
        • Added support to remove file from remote machine after it has been copied using the -c switch.
        • Added extra switch -cs which copies the file to remote computer with sole Administrator or System rights. This is good for batch files which contain confidential information, preventing users from viewing the contents.
        • Added -q switch to set process priority. Acceptable values are AboveNormal, BelowNormal, HighPriority, Idle, Normal, Realtime.
        • Added the ability to modify the security descriptor on the pipes allowing explicit users to use the service rather than only members of the Administrators Group.
      • 17th April 2003 - Version 2.04
        • Removed references to user group names allowing support for International versions of Windows. For example versions prior to 2.04 failed on German Windows as the Administrators Group is called Administratoren.
        • Improved support for computers not switched on or present. BeyondExec will no longer block as long waiting for a response from a non-existent computer. Any blocking present now is a feature of Windows and not BeyondExec.
      • 18th March 2003 - Version 2.03
        • Checks file version of service installed on remote computer and updates it accordingly. This omits the need to use the -r switch prior to updating to a new version and alleviates problems when some clients are updated and others are forgotten.
        • Processes running with an Interactive Desktop are now given the correct security privileges to the WindowStation and Desktop. This caused interactive processes spawned on Windows XP to show only an ghostly outline on the desktop.
        • Precopy file (-c) now replaces files if they already exist in the temp directory of the target machine. Versions prior reported an error requiring the user to manually delete the file in order to update it.
        • Fixed parsing of precopy file parameters so files can now be copied to the remote machine and executed with parameters. e.g. beyondexec \\mars -c "process.exe -q notepad.exe"
        • Added (-n) switch to ignore shutdown proceedings on computers with logged in users.
        • Rewritten functions so as to re-instate support for Windows NT4 due to popular demand. Tested on WinNT4 SP6a.
        • Added poweroff shutdown action for support with Windows NT 4's hal.dll.sofex hardware abstraction layer.
        • Increased DACL Security on Pipes to Support Windows NT 4.
      • 18 February 2003 - Version 2.02
        • Added ability to disable cancel button (-x) preventing users from aborting the shutdown action.
        • Ensures cancel notification dialog box appears on active desktop. When workstation was locked, dialog would appear on the default (applications) desktop.
      • 11 February 2003 - Version 2.01
        • Fixed Win2k/WinXP %SystemRoot% compatibility problems.
        • Included a work around for Windows ExitWindowsEx bug where a call to logoff an user on a workstation that has no logged on user will cause the workstation to reboot.
      • 20 January 2003 - Version 2.0
        • Improved reliability and error handling with networked connections.
        • Added option to terminate rouge processes after a specified number of seconds.
        • Ability to bypass driver checks speeding up access on frequently used machines.
        • Added shutdown options allowing the Shutdown (Powerdown), Rebooting, Suspending, Hibernating, Logging Off and Locking of Workstations with the ability to display a message to the user for a specified number of seconds.
        • Multithreaded both server and client applications.
        • Added group option allowing the one action to be sent to all computers listed in the specified group file.
        • Added option to stop, and remove driver from client machines.
        • Discontinued NT4 Support.
      • 1st November 2002 - Version 1.0
        • First release to public. Supports NT4/2000/XP

    Other Unique and Innovative Software Solutions from Beyond Logic

    • Beyond Logic Shutdown Utility for NT/2000/XP
      The Windows 2000 Professional Resource Kit and Windows XP introduce a shutdown.exe command line utility to shutdown local computers. However a quick play with these utilities will fine that they are less than adequate. The Beyond Logic shutdown.exe actually powers down computers while giving your users the option of cancelling the operation or allowing you to only target computers without a logged on user.
    • Trust-No-Exe - An executable filter for Windows NT/2000/XP
      Allow users to run trusted applications from defined directories, while preventing the execution of non-trusted programs from floppy disk and CDROM drives or from the users e-mail attachment directory. Stop PE viruses in their tracks where on Windows platforms year, nine out of ten of the top viruses were spread via e-mail.

    • Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP
      Want a command line utility to view, kill, suspend or set the priority or affinity of processes, perhaps from a batch file? Kills rouge processes where Window's Task Manager fails.

    • Bmail - Command Line SMTP Mailer for Batch Jobs
      Bmail is a free but lean command line SMTP mail sender. Bmail allows the user to automate the sending of email messages containing log files, data downloads or error messages on Win32 based computers.

    • Delete/Copy by Owner utility for Windows NT/2000/XP
      Have you ever had the need to find, copy or delete files that were owned by a certain user? A great way to back up files created by previous employees or to clean workstations when one leaves.

    • PortTalk - A Windows NT/2000/XP I/O Port Device Driver
      A problem that plagues Windows NT/2000/XP, is it's strict control over I/O ports. Unlike Windows 95, 98 or ME, Windows NT/2000/XP will cause an exception (Privileged Instruction) if an attempt is made to access an I/O port that your program is not privileged to access. The PortTalk driver allows existing programs to access selected I/O ports.

    • Win32 Pipe Security Editor Windows NT/2000/XP
      Do you know what named pipes you have on a system, quietly advertising for something to connect to it? Do you know how secure each pipe is, whether the associated security descriptor is strong enough?. The Win32 Pipe Security Editor is the ideal tool for checking the security of your own pipe servers or to set up auditing of existing pipe servers.

    • Console Computer Information Utility for 2000/XP
      Want a quick console utility to display the hardware specifications of a PC including Processors Type, Operating System and Service Pack, Physical and Virtual Memory, Network Addresses, Logical Drive information, Video Card Type, Hard Disk, CDROM and Printer Information.

    Copyright 2002-2007 Craig Peacock - 6th April 2007.