?
Solved

Disable Shutdown Ability

Posted on 2004-09-29
8
Medium Priority
?
329 Views
Last Modified: 2010-07-27
Hello,
 I'd like to disable the ability for ANY person to shutdown or restart ANY of my servers via Terminal Services.  I want to prevent EVERYONE from accidentally shutting down or restarting a server when exiting their Terminal Services session, EVEN Administrators. All my servers are Win2k or Win2k3 and are DCs or member servers of an AD Forest.

The solution to http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_20890266.html did not do the trick for me.

Thanks in advance...
-Mike-
0
Comment
Question by:ehaley
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 9

Accepted Solution

by:
CDCOP earned 500 total points
ID: 12181286
If you use GPO's for your different users, this will be great. If you don't you may not be able to shutdown unless you create a script to shutdown. Here you go:
GPEDIT.MSC -> User Configuration -> Administrative Templates -> Start Menu and Taskbar -> Remove and Prevent access to the shutdown command
0
 
LVL 1

Author Comment

by:ehaley
ID: 12181600
Hello CDCOP,

 I have already configured a Group Policy for my DC's and Member Servers with the "Disable and remove the Shut Down command' Enabled, but at last this does not  seem to apply to Administrators who terminal service into the server(s). This does appear to apply to Domain Users however.

I have applied this GP to my Servers and Domain Controllers OU without any luck. I have also applied it to a Test OU and moved the Domain Admin account into it.
0
 
LVL 9

Expert Comment

by:CDCOP
ID: 12181993
You more than likely have another policy that overrides this one for your admins. Are you sure you are applying this one to your admins, and they are actually in the read and apply security?
0
What Is Blockchain Technology?

Blockchain is a technology that underpins the success of Bitcoin and other digital currencies, but it has uses far beyond finance. Learn how blockchain works and why it is proving disruptive to other areas of IT.

 
LVL 1

Author Comment

by:ehaley
ID: 12183024
Could you explain this statement":
"Are you sure you are applying this one to your admins, and they are actually in the read and apply security?"

None of my 3 Administrators login to the server under their own user account This would create profiles, we don;t want that..
We each use the Domain Administrator account every time we terminal service to a server..

Our GPs are very minimal. I have a password pol at the root level, and a default Server pol on my Servers and DCs OU. None of which have this "Disable and remove the Shut Down command" configured.

-Mike-
0
 
LVL 9

Expert Comment

by:CDCOP
ID: 12186300
Do your admins need to have the shutdown removed also? If so, change your current GP to enable for that setting, and make sure they are in the security settings (admins) to receive this setting.
0
 
LVL 1

Author Comment

by:ehaley
ID: 12230619
CDCOP,
Sorry for the delay. I got pulled away on other things. My origional question at the top explains exactly what I need.  I tried one of your steps and I ended up not being about to logoff of a terminal service sessions. I had to disconnect and terminate the session via Terminal Services Manager. If you can think of anything else, great, I'd really appreciate it, otherwise thanks for your efforts..
-Mike-
0
 
LVL 1

Author Comment

by:ehaley
ID: 12237343
Thanks CDCOP, You lead me in the right direction. Thanks for your help on this one..

http://expertanswercenter.techtarget.com/eac/knowledgebaseAnswer/0,295199,sid63_gci973162,00.html

There is no per-computer policy to remove this setting, but you can remove the shutdown button for his account by editing the group policy to disable and remove the shutdown button. This won't prevent him from shutting down the server entirely -- "tsshutdn" will still work -- but it will prevent him from accidentally doing so. (You can also control this setting by using configuration tools like triCerat's RegSet or editing the registry directly -- this setting is in HKCU\Software\Microsoft\Windows\Current Version\Policies\Explorer. Set NoClose's value to 1.)
0
 
LVL 1

Author Comment

by:ehaley
ID: 12241975
Added these DWORD Reg values into HKCU\Software\Microsoft\Windows\Current Version\Policies\Explorer with a value of 1

Policy:Disable and remove the Turn Off Computer button
Description:Removes the "Turn Off Computer" button from the Start Menu and
prevents shutting down Windows using the standard shutdown user interface.
Registry Value:"NoClose"

Policy:Force Logoff to the Start Menu
Description:Forces the Logoff button to the Start menu and prevents users
from removing the Logoff option from the Start menu.
Registry Value:"ForceStartMenuLogoff"

Works like a charm.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Hey fellow admins! This time, I have a little fairy tale for you. As many tales do, it starts boring and then gets pretty gory. I hope you like it. TL;DR: It is about an important security matter, you should read it if you run or administer Windows …
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question