Scm

Provides functionality for interacting with the service control manager on a remote Windows system

Synopsis

Scm <subcommand>

Subcommands

Command	Description
query	Queries the status of a service
qtriggers	Queries the status of a service
create	Creates and optionally starts a new service
delete	Deletes a service
start	Starts a service
stop	Stops a service

For help on a subcommand, use Scm <subcommand> -h

Scm create

Creates and optionally starts a new service

Synopsis

Scm create [options] <ServerName> <ServiceName> [ <BinPath> ]

Parameters

Name	Value	Description
<ServerName>	<String>	RPC server to interact with
<ServiceName>	<String>	Name of service to create
<BinPath>	<String>	Service command line

Options

Name	Aliases	Value	Description
-ServiceType		<ServiceTypes>	Type of service
			Default: 16
			Possible values:
			None
			KernelDriver
			FileSystemDriver
			OwnProcess
			SharedProcess
			All
-StartType		<ServiceStartType>	Service start type
			Default: 3
			Possible values:
			Boot
			System
			Auto
			Demand
			Disabled
-ErrorControl		<ServiceErrorControl>	Error control
			Default: 1
			Possible values:
			Ignore
			Normal
			Severe
			Critical
-LoadOrderGroup		<String>	Load order group
-Tag		<Int32>	Unique tag within the load order group
			Default: 0
-Dependencies	-deps	<String[]>	List of services this service depends on
-StartName		<String>	Name of user account to run service as
			Default: LocalSystem
-StartPassword		<String>	Password of service account
-DisplayName		<String>	Service display name
-Start		<SwitchParam>	Start the service once created
-ConsoleOutputStyle	-OutputStyle	<OutputStyle>	Determines the output style
			Possible values:
			Freeform
			Raw
			Table
			List
			Csv
			Tsv
			Json
-OutputHeaders		<SwitchParam>	Print headers for table/list/CSV/TSV styles
			Default: True
-Spnego		<SwitchParam>	Uses SP-NEGO for authentication
-AuthEpm		<SwitchParam>	Authenticates EP mapper requests
-EncryptEpm		<SwitchParam>	Encrypts EP mappend requests
-EncryptRpc		<SwitchParam>	Encrypts RPC messages
-PreferSmb		<SwitchParam>	If the interface supports named pipes, attempt to connect over the named pipe instead of TCP
-SpnOverride		<SpnMapping[]>	Specifies an SPN override
-AuthProxy		<EndPoint>	Endpoint of auth proxy
-Socks5		<host-or-ip:port>	End point of SOCKS 5 server to use

Output

Name	Aliases	Value	Description
-LogLevel		<LogMessageSeverity>	Sets the lowest level of messages to log
			Possible values:
			Debug
			Diagnostic
			Verbose
			Info
			Warning
			Error
			Critical
-ConsoleLogFormat	-LogFormat	<LogFormat>	Sets the format of log messages written to the console
			Default: 0
			Possible values:
			Text
			TextWithTimestamp
			Json
-Verbose	-V	<SwitchParam>	Prints verbose messages
-Diagnostic	-vv	<SwitchParam>	Prints diagnostic messages
-HumanReadable		<SwitchParam>	Formats file sizes as human-readable values

Authentication

Name	Aliases	Value	Description
-Anonymous		<SwitchParam>	Uses anonymous login
-UserName	-u	<UserPrincipalName>	User name to authenticate with, not including the domain
-UserDomain	-ud	<String>	Domain of user to authenticate with
-Password	-p	<String>	Password to authenticate with
-NtlmHash		<hexadecimal hash>	NTLM hash for NTLM authentication

Authentication (Kerberos)

Name	Value	Description
-AesKey	<HexString>	AES key (128 or 256)
-DesKey	<HexString>	DES key
-Tgt	<String>	Name of file containing a ticket-granting ticket (.kirbi or ccache)
-Tickets	<String[]>	Name of file containing service tickets (.kirbi or ccache)
-TicketCache	<String>	Name of ticket cache file
-K, -Kdc	<host-or-ip:port>	KDC endpoint
-S4UserName	<UserPrincipalName>	Name of user to impersonate with S4U
-U2UserName	<UserPrincipalName>	User name to request TGT for U2U
-S4UserCert	<String>	Name of file containing a certificate of a user to impersonate with S4U
-S4ProxyService	<SecurityPrincipalName>	Name of service to proxy through
-UserCert	<String>	Name of file containing user's certificate (for PKINIT)
-UserKey	<String>	Name of file containing user's key (for PKINIT)
-UserKeyPassword	<String>	Password to decrypt file containing user's key (for PKINIT)

Authentication (NTLM)

Name	Aliases	Value	Description
-Workstation	-w	<String>	Name of workstation to send with NTLM authentication
-NtlmVersion		<Version>	NTLM version number (a.b.c.d)

Connection

Name	Aliases	Value	Description
-HostAddress	-ha	<String[]>	Network address(es) of the server
-UseTcp6Only	-6	<SwitchParam>	Only use TCP over IPv6 endpoint
-UseTcp4Only	-4	<SwitchParam>	Only use TCP over IPv4 endpoint
-Dialects		<Smb2Dialect[]>	List of SMB2 dialects to negotiate
			Possible values:
			Smb2_0_2
			Smb2_1
			Smb3_0
			Smb3_0_2
			Smb3_1_1
-RequireSigning	-signreq	<SwitchParam>	Requires packets to be signed
-RequireSecureNegotiate		<SwitchParam>	Requires the client to authenticate the negotiation
-EncryptSmb		<SwitchParam>	Requires an encrypted connection

Client Behavior

Name	Aliases	Value	Description
-F, -FollowDfs		<SwitchParam>	Checks for and follows DFS referrals (default=true)
-DfsReferralBufferSize		<Int32>	Specifies the size for the DFS referral buffer (default=4096)

Examples

Example 1 - Create and start a service

Scm create LUMON-DC1 -UserName milchick -Password Br3@kr00m! -EncryptRpc myservice -DisplayName "My Service" C:\windows\system32\cmd.exe -Start

Scm delete

Deletes a service

Synopsis

Scm delete [options] <ServerName> <ServiceName>

Parameters

Name	Aliases	Value	Description
<ServerName>		<String>	RPC server to interact with
<ServiceName>		<String>	Name of the service

Options

Name	Aliases	Value	Description
-ConsoleOutputStyle	-OutputStyle	<OutputStyle>	Determines the output style
			Possible values:
			Freeform
			Raw
			Table
			List
			Csv
			Tsv
			Json
-OutputHeaders		<SwitchParam>	Print headers for table/list/CSV/TSV styles
			Default: True
-Spnego		<SwitchParam>	Uses SP-NEGO for authentication
-AuthEpm		<SwitchParam>	Authenticates EP mapper requests
-EncryptEpm		<SwitchParam>	Encrypts EP mappend requests
-EncryptRpc		<SwitchParam>	Encrypts RPC messages
-PreferSmb		<SwitchParam>	If the interface supports named pipes, attempt to connect over the named pipe instead of TCP
-SpnOverride		<SpnMapping[]>	Specifies an SPN override
-AuthProxy		<EndPoint>	Endpoint of auth proxy
-Socks5		<host-or-ip:port>	End point of SOCKS 5 server to use

Output

Name	Aliases	Value	Description
-LogLevel		<LogMessageSeverity>	Sets the lowest level of messages to log
			Possible values:
			Debug
			Diagnostic
			Verbose
			Info
			Warning
			Error
			Critical
-ConsoleLogFormat	-LogFormat	<LogFormat>	Sets the format of log messages written to the console
			Default: 0
			Possible values:
			Text
			TextWithTimestamp
			Json
-Verbose	-V	<SwitchParam>	Prints verbose messages
-Diagnostic	-vv	<SwitchParam>	Prints diagnostic messages
-HumanReadable		<SwitchParam>	Formats file sizes as human-readable values

Authentication

Name	Aliases	Value	Description
-Anonymous		<SwitchParam>	Uses anonymous login
-UserName	-u	<UserPrincipalName>	User name to authenticate with, not including the domain
-UserDomain	-ud	<String>	Domain of user to authenticate with
-Password	-p	<String>	Password to authenticate with
-NtlmHash		<hexadecimal hash>	NTLM hash for NTLM authentication

Authentication (Kerberos)

Name	Value	Description
-AesKey	<HexString>	AES key (128 or 256)
-DesKey	<HexString>	DES key
-Tgt	<String>	Name of file containing a ticket-granting ticket (.kirbi or ccache)
-Tickets	<String[]>	Name of file containing service tickets (.kirbi or ccache)
-TicketCache	<String>	Name of ticket cache file
-K, -Kdc	<host-or-ip:port>	KDC endpoint
-S4UserName	<UserPrincipalName>	Name of user to impersonate with S4U
-U2UserName	<UserPrincipalName>	User name to request TGT for U2U
-S4UserCert	<String>	Name of file containing a certificate of a user to impersonate with S4U
-S4ProxyService	<SecurityPrincipalName>	Name of service to proxy through
-UserCert	<String>	Name of file containing user's certificate (for PKINIT)
-UserKey	<String>	Name of file containing user's key (for PKINIT)
-UserKeyPassword	<String>	Password to decrypt file containing user's key (for PKINIT)

Authentication (NTLM)

Name	Aliases	Value	Description
-Workstation	-w	<String>	Name of workstation to send with NTLM authentication
-NtlmVersion		<Version>	NTLM version number (a.b.c.d)

Connection

Name	Aliases	Value	Description
-HostAddress	-ha	<String[]>	Network address(es) of the server
-UseTcp6Only	-6	<SwitchParam>	Only use TCP over IPv6 endpoint
-UseTcp4Only	-4	<SwitchParam>	Only use TCP over IPv4 endpoint
-Dialects		<Smb2Dialect[]>	List of SMB2 dialects to negotiate
			Possible values:
			Smb2_0_2
			Smb2_1
			Smb3_0
			Smb3_0_2
			Smb3_1_1
-RequireSigning	-signreq	<SwitchParam>	Requires packets to be signed
-RequireSecureNegotiate		<SwitchParam>	Requires the client to authenticate the negotiation
-EncryptSmb		<SwitchParam>	Requires an encrypted connection

Client Behavior

Name	Aliases	Value	Description
-F, -FollowDfs		<SwitchParam>	Checks for and follows DFS referrals (default=true)
-DfsReferralBufferSize		<Int32>	Specifies the size for the DFS referral buffer (default=4096)

Examples

Example 1 - Delete a service

Scm delete LUMON-DC1 -UserName milchick -Password Br3@kr00m! -EncryptRpc myservice

Scm qtriggers

Queries the status of a service

Synopsis

Scm qtriggers [options] <ServerName> <ServiceName>

Parameters

Name	Aliases	Value	Description
<ServerName>		<String>	RPC server to interact with
<ServiceName>		<String[]>	Names of services to query (* for all)

Options

Name	Aliases	Value	Description
-ConsoleOutputStyle	-OutputStyle	<OutputStyle>	Determines the output style
			Possible values:
			Freeform
			Raw
			Table
			List
			Csv
			Tsv
			Json
-OutputFields		<String[]>	Fields to display in output
			Possible values:
			ServiceName
			TriggerType
			TriggerTypeDescription
			Action
			Data0
-OutputHeaders		<SwitchParam>	Print headers for table/list/CSV/TSV styles
			Default: True
-Spnego		<SwitchParam>	Uses SP-NEGO for authentication
-AuthEpm		<SwitchParam>	Authenticates EP mapper requests
-EncryptEpm		<SwitchParam>	Encrypts EP mappend requests
-EncryptRpc		<SwitchParam>	Encrypts RPC messages
-PreferSmb		<SwitchParam>	If the interface supports named pipes, attempt to connect over the named pipe instead of TCP
-SpnOverride		<SpnMapping[]>	Specifies an SPN override
-AuthProxy		<EndPoint>	Endpoint of auth proxy
-Socks5		<host-or-ip:port>	End point of SOCKS 5 server to use

Output

Name	Aliases	Value	Description
-LogLevel		<LogMessageSeverity>	Sets the lowest level of messages to log
			Possible values:
			Debug
			Diagnostic
			Verbose
			Info
			Warning
			Error
			Critical
-ConsoleLogFormat	-LogFormat	<LogFormat>	Sets the format of log messages written to the console
			Default: 0
			Possible values:
			Text
			TextWithTimestamp
			Json
-Verbose	-V	<SwitchParam>	Prints verbose messages
-Diagnostic	-vv	<SwitchParam>	Prints diagnostic messages
-HumanReadable		<SwitchParam>	Formats file sizes as human-readable values

Authentication

Name	Aliases	Value	Description
-Anonymous		<SwitchParam>	Uses anonymous login
-UserName	-u	<UserPrincipalName>	User name to authenticate with, not including the domain
-UserDomain	-ud	<String>	Domain of user to authenticate with
-Password	-p	<String>	Password to authenticate with
-NtlmHash		<hexadecimal hash>	NTLM hash for NTLM authentication

Authentication (Kerberos)

Name	Value	Description
-AesKey	<HexString>	AES key (128 or 256)
-DesKey	<HexString>	DES key
-Tgt	<String>	Name of file containing a ticket-granting ticket (.kirbi or ccache)
-Tickets	<String[]>	Name of file containing service tickets (.kirbi or ccache)
-TicketCache	<String>	Name of ticket cache file
-K, -Kdc	<host-or-ip:port>	KDC endpoint
-S4UserName	<UserPrincipalName>	Name of user to impersonate with S4U
-U2UserName	<UserPrincipalName>	User name to request TGT for U2U
-S4UserCert	<String>	Name of file containing a certificate of a user to impersonate with S4U
-S4ProxyService	<SecurityPrincipalName>	Name of service to proxy through
-UserCert	<String>	Name of file containing user's certificate (for PKINIT)
-UserKey	<String>	Name of file containing user's key (for PKINIT)
-UserKeyPassword	<String>	Password to decrypt file containing user's key (for PKINIT)

Authentication (NTLM)

Name	Aliases	Value	Description
-Workstation	-w	<String>	Name of workstation to send with NTLM authentication
-NtlmVersion		<Version>	NTLM version number (a.b.c.d)

Connection

Name	Aliases	Value	Description
-HostAddress	-ha	<String[]>	Network address(es) of the server
-UseTcp6Only	-6	<SwitchParam>	Only use TCP over IPv6 endpoint
-UseTcp4Only	-4	<SwitchParam>	Only use TCP over IPv4 endpoint
-Dialects		<Smb2Dialect[]>	List of SMB2 dialects to negotiate
			Possible values:
			Smb2_0_2
			Smb2_1
			Smb3_0
			Smb3_0_2
			Smb3_1_1
-RequireSigning	-signreq	<SwitchParam>	Requires packets to be signed
-RequireSecureNegotiate		<SwitchParam>	Requires the client to authenticate the negotiation
-EncryptSmb		<SwitchParam>	Requires an encrypted connection

Client Behavior

Name	Aliases	Value	Description
-F, -FollowDfs		<SwitchParam>	Checks for and follows DFS referrals (default=true)
-DfsReferralBufferSize		<Int32>	Specifies the size for the DFS referral buffer (default=4096)

Scm query

Queries the status of a service

Synopsis

Scm query [options] <ServerName>

Parameters

Name	Aliases	Value	Description
<ServerName>		<String>	RPC server to interact with

Options

Name	Aliases	Value	Description
-Types		<ServiceTypes[]>	Filter by service type
			Possible values:
			None
			KernelDriver
			FileSystemDriver
			OwnProcess
			SharedProcess
			All
-States		<ServiceStates[]>	Filter by service state
			Possible values:
			None
			Active
			Inactive
			All
-ConsoleOutputStyle	-OutputStyle	<OutputStyle>	Determines the output style
			Possible values:
			Freeform
			Raw
			Table
			List
			Csv
			Tsv
			Json
-OutputFields		<String[]>	Fields to display in output
			Possible values:
			ServiceName
			DisplayName
			ServiceType
			State
			Win32ExitCode
			SpecificExitCode
-OutputHeaders		<SwitchParam>	Print headers for table/list/CSV/TSV styles
			Default: True
-Spnego		<SwitchParam>	Uses SP-NEGO for authentication
-AuthEpm		<SwitchParam>	Authenticates EP mapper requests
-EncryptEpm		<SwitchParam>	Encrypts EP mappend requests
-EncryptRpc		<SwitchParam>	Encrypts RPC messages
-PreferSmb		<SwitchParam>	If the interface supports named pipes, attempt to connect over the named pipe instead of TCP
-SpnOverride		<SpnMapping[]>	Specifies an SPN override
-AuthProxy		<EndPoint>	Endpoint of auth proxy
-Socks5		<host-or-ip:port>	End point of SOCKS 5 server to use

Output

Name	Aliases	Value	Description
-LogLevel		<LogMessageSeverity>	Sets the lowest level of messages to log
			Possible values:
			Debug
			Diagnostic
			Verbose
			Info
			Warning
			Error
			Critical
-ConsoleLogFormat	-LogFormat	<LogFormat>	Sets the format of log messages written to the console
			Default: 0
			Possible values:
			Text
			TextWithTimestamp
			Json
-Verbose	-V	<SwitchParam>	Prints verbose messages
-Diagnostic	-vv	<SwitchParam>	Prints diagnostic messages
-HumanReadable		<SwitchParam>	Formats file sizes as human-readable values

Authentication

Name	Aliases	Value	Description
-Anonymous		<SwitchParam>	Uses anonymous login
-UserName	-u	<UserPrincipalName>	User name to authenticate with, not including the domain
-UserDomain	-ud	<String>	Domain of user to authenticate with
-Password	-p	<String>	Password to authenticate with
-NtlmHash		<hexadecimal hash>	NTLM hash for NTLM authentication

Authentication (Kerberos)

Name	Value	Description
-AesKey	<HexString>	AES key (128 or 256)
-DesKey	<HexString>	DES key
-Tgt	<String>	Name of file containing a ticket-granting ticket (.kirbi or ccache)
-Tickets	<String[]>	Name of file containing service tickets (.kirbi or ccache)
-TicketCache	<String>	Name of ticket cache file
-K, -Kdc	<host-or-ip:port>	KDC endpoint
-S4UserName	<UserPrincipalName>	Name of user to impersonate with S4U
-U2UserName	<UserPrincipalName>	User name to request TGT for U2U
-S4UserCert	<String>	Name of file containing a certificate of a user to impersonate with S4U
-S4ProxyService	<SecurityPrincipalName>	Name of service to proxy through
-UserCert	<String>	Name of file containing user's certificate (for PKINIT)
-UserKey	<String>	Name of file containing user's key (for PKINIT)
-UserKeyPassword	<String>	Password to decrypt file containing user's key (for PKINIT)

Authentication (NTLM)

Name	Aliases	Value	Description
-Workstation	-w	<String>	Name of workstation to send with NTLM authentication
-NtlmVersion		<Version>	NTLM version number (a.b.c.d)

Connection

Name	Aliases	Value	Description
-HostAddress	-ha	<String[]>	Network address(es) of the server
-UseTcp6Only	-6	<SwitchParam>	Only use TCP over IPv6 endpoint
-UseTcp4Only	-4	<SwitchParam>	Only use TCP over IPv4 endpoint
-Dialects		<Smb2Dialect[]>	List of SMB2 dialects to negotiate
			Possible values:
			Smb2_0_2
			Smb2_1
			Smb3_0
			Smb3_0_2
			Smb3_1_1
-RequireSigning	-signreq	<SwitchParam>	Requires packets to be signed
-RequireSecureNegotiate		<SwitchParam>	Requires the client to authenticate the negotiation
-EncryptSmb		<SwitchParam>	Requires an encrypted connection

Client Behavior

Name	Aliases	Value	Description
-F, -FollowDfs		<SwitchParam>	Checks for and follows DFS referrals (default=true)
-DfsReferralBufferSize		<Int32>	Specifies the size for the DFS referral buffer (default=4096)

Scm start

Starts a service

Synopsis

Scm start [options] <ServerName> <ServiceName> [ <ServiceArgs> ]

Parameters

Name	Value	Description
<ServerName>	<String>	RPC server to interact with
<ServiceName>	<String>	Name of the service
<ServiceArgs>	<String[]>	Optional arguments to pass to service

Options

Name	Aliases	Value	Description
-ConsoleOutputStyle	-OutputStyle	<OutputStyle>	Determines the output style
			Possible values:
			Freeform
			Raw
			Table
			List
			Csv
			Tsv
			Json
-OutputHeaders		<SwitchParam>	Print headers for table/list/CSV/TSV styles
			Default: True
-Spnego		<SwitchParam>	Uses SP-NEGO for authentication
-AuthEpm		<SwitchParam>	Authenticates EP mapper requests
-EncryptEpm		<SwitchParam>	Encrypts EP mappend requests
-EncryptRpc		<SwitchParam>	Encrypts RPC messages
-PreferSmb		<SwitchParam>	If the interface supports named pipes, attempt to connect over the named pipe instead of TCP
-SpnOverride		<SpnMapping[]>	Specifies an SPN override
-AuthProxy		<EndPoint>	Endpoint of auth proxy
-Socks5		<host-or-ip:port>	End point of SOCKS 5 server to use

Output

Name	Aliases	Value	Description
-LogLevel		<LogMessageSeverity>	Sets the lowest level of messages to log
			Possible values:
			Debug
			Diagnostic
			Verbose
			Info
			Warning
			Error
			Critical
-ConsoleLogFormat	-LogFormat	<LogFormat>	Sets the format of log messages written to the console
			Default: 0
			Possible values:
			Text
			TextWithTimestamp
			Json
-Verbose	-V	<SwitchParam>	Prints verbose messages
-Diagnostic	-vv	<SwitchParam>	Prints diagnostic messages
-HumanReadable		<SwitchParam>	Formats file sizes as human-readable values

Authentication

Name	Aliases	Value	Description
-Anonymous		<SwitchParam>	Uses anonymous login
-UserName	-u	<UserPrincipalName>	User name to authenticate with, not including the domain
-UserDomain	-ud	<String>	Domain of user to authenticate with
-Password	-p	<String>	Password to authenticate with
-NtlmHash		<hexadecimal hash>	NTLM hash for NTLM authentication

Authentication (Kerberos)

Name	Value	Description
-AesKey	<HexString>	AES key (128 or 256)
-DesKey	<HexString>	DES key
-Tgt	<String>	Name of file containing a ticket-granting ticket (.kirbi or ccache)
-Tickets	<String[]>	Name of file containing service tickets (.kirbi or ccache)
-TicketCache	<String>	Name of ticket cache file
-K, -Kdc	<host-or-ip:port>	KDC endpoint
-S4UserName	<UserPrincipalName>	Name of user to impersonate with S4U
-U2UserName	<UserPrincipalName>	User name to request TGT for U2U
-S4UserCert	<String>	Name of file containing a certificate of a user to impersonate with S4U
-S4ProxyService	<SecurityPrincipalName>	Name of service to proxy through
-UserCert	<String>	Name of file containing user's certificate (for PKINIT)
-UserKey	<String>	Name of file containing user's key (for PKINIT)
-UserKeyPassword	<String>	Password to decrypt file containing user's key (for PKINIT)

Authentication (NTLM)

Name	Aliases	Value	Description
-Workstation	-w	<String>	Name of workstation to send with NTLM authentication
-NtlmVersion		<Version>	NTLM version number (a.b.c.d)

Connection

Name	Aliases	Value	Description
-HostAddress	-ha	<String[]>	Network address(es) of the server
-UseTcp6Only	-6	<SwitchParam>	Only use TCP over IPv6 endpoint
-UseTcp4Only	-4	<SwitchParam>	Only use TCP over IPv4 endpoint
-Dialects		<Smb2Dialect[]>	List of SMB2 dialects to negotiate
			Possible values:
			Smb2_0_2
			Smb2_1
			Smb3_0
			Smb3_0_2
			Smb3_1_1
-RequireSigning	-signreq	<SwitchParam>	Requires packets to be signed
-RequireSecureNegotiate		<SwitchParam>	Requires the client to authenticate the negotiation
-EncryptSmb		<SwitchParam>	Requires an encrypted connection

Client Behavior

Name	Aliases	Value	Description
-F, -FollowDfs		<SwitchParam>	Checks for and follows DFS referrals (default=true)
-DfsReferralBufferSize		<Int32>	Specifies the size for the DFS referral buffer (default=4096)

Examples

Example 1 - Start a service

Scm start LUMON-DC1 -UserName milchick -Password Br3@kr00m! -EncryptRpc myservice

Example 2 - Start a service with arguments

Scm start LUMON-DC1 -UserName milchick -Password Br3@kr00m! -EncryptRpc myservice arg1 arg2 arg3

Scm stop

Stops a service

Synopsis

Scm stop [options] <ServerName> <ServiceName>

Parameters

Name	Aliases	Value	Description
<ServerName>		<String>	RPC server to interact with
<ServiceName>		<String>	Name of the service

Options

Name	Aliases	Value	Description
-ConsoleOutputStyle	-OutputStyle	<OutputStyle>	Determines the output style
			Possible values:
			Freeform
			Raw
			Table
			List
			Csv
			Tsv
			Json
-OutputHeaders		<SwitchParam>	Print headers for table/list/CSV/TSV styles
			Default: True
-Spnego		<SwitchParam>	Uses SP-NEGO for authentication
-AuthEpm		<SwitchParam>	Authenticates EP mapper requests
-EncryptEpm		<SwitchParam>	Encrypts EP mappend requests
-EncryptRpc		<SwitchParam>	Encrypts RPC messages
-PreferSmb		<SwitchParam>	If the interface supports named pipes, attempt to connect over the named pipe instead of TCP
-SpnOverride		<SpnMapping[]>	Specifies an SPN override
-AuthProxy		<EndPoint>	Endpoint of auth proxy
-Socks5		<host-or-ip:port>	End point of SOCKS 5 server to use

Output

Name	Aliases	Value	Description
-LogLevel		<LogMessageSeverity>	Sets the lowest level of messages to log
			Possible values:
			Debug
			Diagnostic
			Verbose
			Info
			Warning
			Error
			Critical
-ConsoleLogFormat	-LogFormat	<LogFormat>	Sets the format of log messages written to the console
			Default: 0
			Possible values:
			Text
			TextWithTimestamp
			Json
-Verbose	-V	<SwitchParam>	Prints verbose messages
-Diagnostic	-vv	<SwitchParam>	Prints diagnostic messages
-HumanReadable		<SwitchParam>	Formats file sizes as human-readable values

Authentication

Name	Aliases	Value	Description
-Anonymous		<SwitchParam>	Uses anonymous login
-UserName	-u	<UserPrincipalName>	User name to authenticate with, not including the domain
-UserDomain	-ud	<String>	Domain of user to authenticate with
-Password	-p	<String>	Password to authenticate with
-NtlmHash		<hexadecimal hash>	NTLM hash for NTLM authentication

Authentication (Kerberos)

Name	Value	Description
-AesKey	<HexString>	AES key (128 or 256)
-DesKey	<HexString>	DES key
-Tgt	<String>	Name of file containing a ticket-granting ticket (.kirbi or ccache)
-Tickets	<String[]>	Name of file containing service tickets (.kirbi or ccache)
-TicketCache	<String>	Name of ticket cache file
-K, -Kdc	<host-or-ip:port>	KDC endpoint
-S4UserName	<UserPrincipalName>	Name of user to impersonate with S4U
-U2UserName	<UserPrincipalName>	User name to request TGT for U2U
-S4UserCert	<String>	Name of file containing a certificate of a user to impersonate with S4U
-S4ProxyService	<SecurityPrincipalName>	Name of service to proxy through
-UserCert	<String>	Name of file containing user's certificate (for PKINIT)
-UserKey	<String>	Name of file containing user's key (for PKINIT)
-UserKeyPassword	<String>	Password to decrypt file containing user's key (for PKINIT)

Authentication (NTLM)

Name	Aliases	Value	Description
-Workstation	-w	<String>	Name of workstation to send with NTLM authentication
-NtlmVersion		<Version>	NTLM version number (a.b.c.d)

Connection

Name	Aliases	Value	Description
-HostAddress	-ha	<String[]>	Network address(es) of the server
-UseTcp6Only	-6	<SwitchParam>	Only use TCP over IPv6 endpoint
-UseTcp4Only	-4	<SwitchParam>	Only use TCP over IPv4 endpoint
-Dialects		<Smb2Dialect[]>	List of SMB2 dialects to negotiate
			Possible values:
			Smb2_0_2
			Smb2_1
			Smb3_0
			Smb3_0_2
			Smb3_1_1
-RequireSigning	-signreq	<SwitchParam>	Requires packets to be signed
-RequireSecureNegotiate		<SwitchParam>	Requires the client to authenticate the negotiation
-EncryptSmb		<SwitchParam>	Requires an encrypted connection

Client Behavior

Name	Aliases	Value	Description
-F, -FollowDfs		<SwitchParam>	Checks for and follows DFS referrals (default=true)
-DfsReferralBufferSize		<Int32>	Specifies the size for the DFS referral buffer (default=4096)

Examples

Example 1 - Stop a service

Scm stop LUMON-DC1 -UserName milchick -Password Br3@kr00m! -EncryptRpc myservice

FilesExpand file tree

Scm.md

Latest commit

History

Scm.md

File metadata and controls

Scm

Synopsis

Subcommands

Scm create

Synopsis

Parameters

Options

Output

Authentication

Authentication (Kerberos)

Authentication (NTLM)

Connection

Client Behavior

Examples

Example 1 - Create and start a service

Scm delete

Synopsis

Parameters

Options

Output

Authentication

Authentication (Kerberos)

Authentication (NTLM)

Connection

Client Behavior

Examples

Example 1 - Delete a service

Scm qtriggers

Synopsis

Parameters

Options

Output

Authentication

Authentication (Kerberos)

Authentication (NTLM)

Connection

Client Behavior

Scm query

Synopsis

Parameters

Options

Output

Authentication

Authentication (Kerberos)

Authentication (NTLM)

Connection

Client Behavior

Scm start

Synopsis

Parameters

Options

Output

Authentication

Authentication (Kerberos)

Authentication (NTLM)

Connection

Client Behavior

Examples

Example 1 - Start a service

Example 2 - Start a service with arguments

Scm stop

Synopsis

Parameters

Options

Output

Authentication

Authentication (Kerberos)

Authentication (NTLM)

Connection

Client Behavior

Examples

Example 1 - Stop a service