Tricky way to use the SEC to execute/schedule a program on a remote endpoint

Question

A Sophos engineer a few years ago showed us a trick that could have allowed us to run an executable on a remote endpoint by using the SEC messages. I didn't document it at the time as I thought we had other tools to do that and didn't need another one. But now we have an endpoint that lost its trust with the domain, has the local admin account disabled, and is in an unreachable physical location so nobody can login into it remotely or even onsite to re-install Windows. 
 As Sophos is the only application that is still working on the device... if we can figure out how to use the message router to run a command remotely on the endpoint we'll be able to regain access. 
 Does anyone know how we could do that?

FormerMember · Answer

the scripting calls in SEC are not meant to alter the OS - they are for our own components. 
 In theory, you could deploy a PS script (not sure how you would get it onto the box if there is no trust) but based on what you are describing I have little hope of success. A domain trust break can be indicative of some serious problems on the box (HDD sectors failing, corrupted memory, amongst other things). However, you could try unjoining it -> have the script output a log -> check the log for success -> then try a join. There will be a reboot (maybe two) in there so that's a risk. 
 It would be very risky. If I was you, I would get my hands on the device before attempting anything. 
 SEC will not be able to help you here. If you just throw a file in the CID that won't do anything - the endpoints only download files that are signed and part of their manifest - you can't use SEC to infiltrate a system.