Solved

windows 2000 - Disable shut down for "Users" group

Posted on 2004-04-01
10
2,057 Views
Last Modified: 2013-12-04
i have a www/ftp server that is used by members of the "Users" group, i need to prevent members of this group from shutting down and restarting the machine. Only administrators need this right. I understand this is done using a group profile. This is new to me, i have never used this feature so specific instructions will be appreciated, as will any help.

s1desh0w :o)
0
Comment
Question by:s1desh0w
  • 6
  • 2
  • 2
10 Comments
 
LVL 11

Expert Comment

by:kabaam
ID: 10737307
Hi s1desh0w,
This could be done in group policy in windows 2k.
A walk through setting up a GPO
http://computing.vt.edu/infrastructure_services/hokies_domain/central_services/creatinggpo.html


happy trails
Chad
0
 
LVL 11

Expert Comment

by:kabaam
ID: 10737321
It would be best to create an OU .. add that server to the OU and edit the policy for computer

in gpo expand the tree to here

computer configuration
  windows settings
    security settings
      local policy
         user rights assignment
           
          you will find a key on the right panel 'log on locally'
                edit it to include the admins and any other group/user you wish
0
 

Author Comment

by:s1desh0w
ID: 10737456
how do i create an OU? i have discovered how disable shut down for ALL users by adding a group policy in the MMC then navigating to local computer policy/user configuration/administrative templates/start menu and taskbar and enabling the disable and remove shutdown command. How close am i to enabling this for one particular group?

P.S. I really am winging this, i have no idea!

Thanks both...

S1desh0w
0
 
LVL 11

Expert Comment

by:kabaam
ID: 10737538
HOW TO: Create Organizational Units in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;324743

not much has changed between 2k and 2k3 in regards to creating ou

1. create an OU
2. add the COMPUTERS you want resticted to the OU
3. create GPO for OU.... right click the OU and select properties... click policies tab.. use the 1st link for more on that
4. edit policy using my second post to find the KEY you need to edit

BTW, I am sure you have noticed I included the wrong key in my last post... there is one that says 'shut down system'
0
 

Author Comment

by:s1desh0w
ID: 10737720
Thanks, but i have no "active directory computers and users" in my control panel, i don't know if this is a difference between 2000 and 2003 or not. At present this is a simple workgroup network set up on 2000 pro, with a few folders shared and one pc operating as a www/ftp server. I should have made that clear earlier perhaps, sorry!

I found a way to disable shutdown via control panel/local security/local policies/user rights assignment, making "shut down the system" only available to administrators. But, once users log off (which is now their only option after selecting shutdown from the start menu) the login dialog is displayed, along with the option to shutdown! Maybe that can be disabled aswell?

Thanks

s1desh0w
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 11

Expert Comment

by:kabaam
ID: 10737809
http://support.microsoft.com/?kbid=232399

this shows how to enable it... do the opposite :-)
0
 
LVL 11

Expert Comment

by:kabaam
ID: 10737816
The AD users and computers snap-in is found on domain computers.  I assumed your network was a domain... sorry
No OUs in workgroups either.  refer to the link to add to what you have already done and you should be good.
gl
0
 
LVL 11

Accepted Solution

by:
kabaam earned 50 total points
ID: 10737822
The actual key is      "shutdown: allow system to be shut down without having to log on"
0
 
LVL 12

Assisted Solution

by:trywaredk
trywaredk earned 50 total points
ID: 10738675
Disable the Shut Down Command
http://www.winguides.com/registry/display.php/146/

Disable Shutdown from Authentication Dialog Box (Windows NT/2000/XP)
http://www.winguides.com/registry/display.php/135/

Change the Log Off and Shutdown Settings
http://www.winguides.com/registry/display.php/1170/

Do it on one computer, and save the settings in a reg-file.
Edit the regfile, and remove anything else from the subkeys than the 3 settings above
Distribute the reg-file in logon-script

%systemroot%\system32\regedit.exe -s \\YourComputerName\YourShareName\YourRegFileName.reg

Carefull - you can harm your computers if you don't know what you are doing in registry.

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open

0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10749237
:o) Glad we could help you - thank you for the points
0

Featured Post

New! My Passport Wireless Pro Wi-Fi Mobile Storage

Portable wireless storage to offload, edit, and stream anywhere.

High-capacity, wireless mobile storage designed to accompany professional photographers and videographers in the field to easily offload, edit and stream captured photos and high-definition videos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now