Last Updated on February 3, 2022 by Dave Farquhar
A good trick for the busy system administrator is knowing how to reboot Windows from a command line. For example, I used to push patches on Thursday and Friday, suppress the reboots, then reboot my servers from a batch file starting on Monday. Rebooting from a command line rather than using the Start menu and selecting shutdown or restart saved me countless hours.
As a security professional, I know when systems need to reboot based on seeing Tenable plugin 34543 or Qualys QID 90126 in my scan results.
The shutdown command to reboot Windows from a command line
To restart Windows from a command line, open a command prompt window use ye olde shutdown command:
shutdown /r /t 60
The shutdown command has a lot of parameters but the most important ones are /r, which tells it to restart, and /t, which gives you a timeout. Immediate shutdowns are bad. I’m sure it’s happened to you. You get permission to restart a server, then the phone rings two minutes later rescinding that permission. Or you find you’re signed into the wrong machine.
Always include the /r parameter. Otherwise the computer simply shuts down. If you do that more than once, you get a reputation, and your name may become a verb.
Aborting a shutdown
To abort a pending shutdown, use this command:
This is the command you type when your phone rings 58 seconds after you initiated the reboot command. Frequently I type the command in case I’m going to need it, then wait for the phone to ring. If it rings within 60 seconds, I hit enter. If it rings after 61 seconds, I tell them it’s too late and the systems are dropping.
Reboot Windows from a command line remotely
Here’s the big timesaver. I can reboot hundreds of Windows machines remotely if I need to.
shutdown /r /t 60 /m \\stlnt01
This command restarts the computer STLNT01 remotely in 60 seconds. This saves you from having to use Remote Desktop. This is one place where a standard Windows command does more than its Unix equivalent.
Reboot loads of Windows machines from a batch file
This trick really shines when you reboot large quantities of Windows servers. Using a super-simple batch file, you can reboot hundreds of Windows machines from one place. In my sysadmin days, I would run the shutdown script from one command prompt window, have another one open ready to abort any shutdowns from, and have a third to check machines from.
The reboot batch file
for /f %%i in (computers.txt) do shutdown /r /t 60 /m \\%%i
Simply enter your list of computers in a name called computers.txt, store it in the same directory as your batch file, and you’re good to go. It may help to have a few lists, such as your standard system inventory in one list, and an export from Qualys or Tenable for picking up computers that need an extra reboot.
The first command pauses the script. I always do this in case I run it accidentally. Then I can hit ctrl-c to cancel without any further incident.
The cancellation batch file
You can abort any single computer in the list with the shutdown /a command. I also like to have a big cancellation batch file ready. It’s a one-liner.
for /f %%i in (computers.txt) do shutdown /a \\%%i
This way if something goes horribly wrong, you can stop the whole thing in flight, as long as 60 seconds haven’t passed.
Is it done yet?
And here’s a quick way to check on whether a machine is back yet. This just sends one quick ping request.
ping -n 1 stlnt01
You can loop through this in a batch file too.
for /f %%i in (computers.txt) do ping -n 1 %%i
Or to watch one machine, use this:
ping -t stlnt01
This pings continuously. You’ll see timeouts as long as the system is down, followed by responses once the system comes back. A system can respond to pings when it’s not completely recovered yet, but once the system starts responding to pings, you know it’s just about back.
Why Qualys or Tenable show pending reboots when you rebooted
Sometimes when you push a large number of patches, it takes more than reboot for all of them to take effect. Plugin 34543 or QID 90126 is always one of the first things I look for. That way, if we’re not getting full credit for all the work we’re doing, I can know right away.
David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.