?
Solved

Script to automatically shutdown and restart a Windows XP computer on Domain - Permission Denied

Posted on 2005-03-11
12
Medium Priority
?
741 Views
Last Modified: 2011-10-03
I have a .bat batch file of these commands to shut down a lab of computers and a second batch file to restart them. I use the following command:
shutdown -s -m \\computername -t 0

This works very well since I am under the group "Domain Admins" because I have full power over the domain. I have teachers responsible for each computer lab, and I would appreciate them using the scripts too so they can close up shop at the end of the day. They try to run the script and get "Access Denied / Permission Denied" errors. They are part of the "users" group and do not have permission to shutdown computers remotely. How can I make it so they can remotely shutdown/restart comptuers and not give them admin priviledges? Also, they must not have priviledges to installs apps, so power users may be out too.

I abdolutely do not want to schedule the computers shutdown because there is no pattern in shutdown times.

thx
0
Comment
Question by:atkfrg56
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
  • 2
12 Comments
 
LVL 4

Assisted Solution

by:tmack
tmack earned 800 total points
ID: 13520752
set up a local policy to allow them the remote shutdown privilege..
0
 
LVL 35

Accepted Solution

by:
Nirmal Sharma earned 1200 total points
ID: 13523308
>>>This works very well since I am under the group "Domain Admins"

I assume you are running Domain Controller and they are member of Domain Controller..so you need to configure this right in Default Domain Policy and you do not need to setup local policy...if you set local policy and set anything in Default Domain Policy the settings will be overridden by Default Domain Policy. So better you set this in Default Domain Policy.

1. Create a group called "ShutDownGroup"
2. Add all members to this Group.
3. Open Active Directory Users And Computers
4. Right click on domain_name.com > Property > Group Policy > Click "Default Domain Policy" > Edit > and then navigate to the following location: -

Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignments\ and then edit the following policy :-

"Shutdown the system" > add the group you created "ShutDownGroup".

5. Now Close it and return to Group Policy Tab.
6. goto Security Tab of Group Policy and then set the following permissions: -

Remove the following group: -
Authenticated Users.

Add the following group: -
ShutDownGroup.

Set the following permissions for this group: -

Read and Apply Group Policy.

7. Finally click Apply and ok.
8. Now restart your all client computers.

Now try they can shutdown it.

Let me know.

Thanks
SystmProg
0
 
LVL 2

Author Comment

by:atkfrg56
ID: 13524160
tmack ,
could you be more specific please...there are lots of group polices I could use. Could you locate the 'remote shutdown policy' for me please, I am unable to find it.

SystmProg ,
I gave your idea a shot before I posted because I found it in the ee archive relating to another issue. I found that this setting didnt changes any settings with remote shutdowns...but it did change the shutdown permissions for the user logged onto the computer locally. A user not in the shutdown group, such as anyone not in the 'teachers' group I used instead of 'shutdowngroup' could only 'log out' of the computers when they clicked on shutdown instead of 'restart, hibernate, standby, shutdown'. This even applied to the local administrator which is a local account and not on the domain.
I am going to follow your directions specifically when I get back to the office for another try though, I could have messed stuff up along the way.
0
What Is Blockchain Technology?

Blockchain is a technology that underpins the success of Bitcoin and other digital currencies, but it has uses far beyond finance. Learn how blockchain works and why it is proving disruptive to other areas of IT.

 
LVL 35

Assisted Solution

by:Nirmal Sharma
Nirmal Sharma earned 1200 total points
ID: 13524389
Ok give it a try and let me know.

You can also look at another tool which will assist you in creating the batch script and its absloutely free: -
To get this tool, point your browser to this link http://www.beyondlogic.org/consulting/remoteprocess/BeyondExec.htm 

Another freeware proggy also: -
http://www.beyondlogic.org/solutions/shutdown/shutdown.htm

I think there is one more command line switch you are missing 'shutdown -s -f -m \\computer'.

Let me know.

Thanks
SystmProg
0
 
LVL 2

Author Comment

by:atkfrg56
ID: 13538206
Hmm, I gave it another shot and it appears to have no effect on remote scripts, only controls local machine. This is really strange, because I cant think of a logical way to get it done via windows 1st party applications.
0
 
LVL 35

Assisted Solution

by:Nirmal Sharma
Nirmal Sharma earned 1200 total points
ID: 13563379
Does the group policy thing work?
0
 
LVL 2

Author Comment

by:atkfrg56
ID: 13573978
Naw, cant get the group policy method to work. My last post was explaining it.
0
 
LVL 35

Expert Comment

by:Nirmal Sharma
ID: 13581903
Hi,
Sorry for late response....Did you solve the problem?
0
 
LVL 2

Author Comment

by:atkfrg56
ID: 13600211
SystmProg,
I still cant get it to work. I will give you the points for your efforts when this closes...doubt anyone will get the solution.
thx
0
 
LVL 4

Assisted Solution

by:tmack
tmack earned 800 total points
ID: 13627151
this would be under your "local security setting"'s for the PC  and then go to "local policies" then "user rights assignments" and then "force shutdown from a remote system" add your users to that and you should be good to go.

T
0
 
LVL 2

Author Comment

by:atkfrg56
ID: 13683891
tmack,
I cannot get that option to work either. Instead of 'Access Denied' I get "not privilidged to use this command".



I gave up on this, and we now have an .asp script that a user logs in and the user has buttons to run pre-defined scripts on the server. We can track who uses the scripts (an added feature) and only the users we want can run them. Works very nice, its all windows, and i have the power i need.

 Points will be split 200/300 for efforts. thx
0
 
LVL 35

Expert Comment

by:Nirmal Sharma
ID: 13686348
Thanks!
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question