Yes, but be cautious. Using Invoke-Command or psexec with admin rights:
Marcus watched as the infected laptop began beaconing to an IP in a country he didn’t want to think about at 3 AM. The lock was scheduled to last exactly 47 minutes—long enough to exfiltrate the VPN configuration, the SAM hive, and the cached credentials for the legal department’s SharePoint.
Understanding FortiClient's FCRemove.exe : The "Exclusive" Tool for Clean Uninstalls
