;; 
;;=====================================================================================----- 
;; 
;;FUNCTION       WMIRemoteExec() 
;; 
;;ACTION         Uses WMI to create a process on a remote PC 
;; 
;;AUTHOR         Radimus, Christopher Shilt 
;; 
;;VERSION        2.0 -  
;;               1.0 - 2005/07/20 
;; 
;;SYNTAX         WMIRemoteExec(COMMAND [, COMPUTER] [, USERNAME] [, PASSWORD]) 
;; 
;;PARAMETERS     COMMAND - Required - String 
;;               - The command to execute on remote PC (check the paths, best bet is   
;;                to push a batch file and exec that.)  
;;  
;;               COMPUTER - Optional - String 
;;               - Target PC, if blank defaults to local  
;;  
;;               USER - Optional - String 
;;               - Specifies the user to connect to the remote computer.  
;;  
;;               PASSWORD - Optional - String 
;;               - Specifies the password to connect to the remote computer. 
;; 
;;REMARKS        This execs under the remote PC's system context, the user has no  
;;               interaction with the process and the process has no permission to  
;;               network resources. local & silent commands only. 
;; 
;;RETURNS        Output from command, if any, otherwise empty string. 
;;               Exits with a value of 0 (zero) if the process was successfully created, 
;;               and any other number to indicate an error. Some of the possible return 
;;               values are listed in the following table.  
;;  
;;               Return Code      Description   
;;               -----------      ----------------------  
;;               0                Successful completion   
;;               2                Access denied   
;;               3                Insufficient privilege   
;;               8                Unknown failure   
;;               9                Path not found   
;;               21               Invalid parameter   
;; 
;;DEPENDENCIES   none 
;; 
;;TESTED WITH    W2K3, W2K8, W2K12 
;; 
;;EXAMPLES       $rc = fnRemoteExec('regsvr32 c:\winnt\system32\kixforms.dll /s', $computer)  
;;  
;;               $rc = fnRemoteExec("net send " + @WKSTA + " Test message","SomePC","USER","p@ssw0rd")  
;  
Function WMIRemoteExec($_sCommand, OPTIONAL $_sComputer, OPTIONAL $_sUser, OPTIONAL $_sPwd)
 
    Dim $_objLocator			;  
    Dim $_objSvc			;  
    Dim $_objSet			;  
 
    ; verify that the computer does not have any slashes 
    $_sComputer = Join(Split($_sComputer, '\', 3), '')
 
    $_objLocator = CreateObject("WbemScripting.SwbemLocator")
 
    $WMIRemoteExec = ''
 
    If $_sComputer
      $_objSvc = $_objLocator.ConnectServer($_sComputer,,$_sUser,$_sPwd)
    Else
      $_objSvc = $_objLocator.ConnectServer()
    EndIf
    If @ERROR Exit @ERROR EndIf
 
    $_objSet = $_objSvc.Get("Win32_Process")
    If @ERROR Exit @ERROR EndIf
 
    $WMIRemoteExec = $_objSet.Create($_sCommand)
    Exit @ERROR
 
EndFunction