group policy.  All users need to log off first before being able to shutdown.  I can not find...

Posted on 2008-06-26
Last Modified: 2013-12-04
I set some group policies.  Now when users need to shutdown, they must log off first tehn the shutdown option appears.  I have looked and looked at all the group policies but can not seem to find the one that affects this situation?

Please help.

Question by:nuiphao
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3

Expert Comment

ID: 21872717
maybe look at this setting in your GPO's: user configuration\administrative templates\start menu and taskbar\remove and prevent access to the shutdown command

Expert Comment

ID: 21872861
Use RSOP (MMC > resultant set of policy) to see if any policy removes the shutdown button.

Author Comment

ID: 21914446
i did a google search on RSOP.  It is beyond my current comprehension.  Could you provide some suggestion?  I have checked the GPO and the shutdown feature has not been configured.
Are You Headed to Black Hat USA 2017?

Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today -


Expert Comment

ID: 21914621
Policies are applied in order (LSD Overdose):


First the local policy will be applied, than the site policies etc. Sometimes the same setting is applied on different levels with different values. Then it's not easy to find out in wich policy a setting is defined. That's when RSOP becomes a handy tool.

To prevent you from having to check every policy for a certain setting you can use the RSOP. This tool can be found in the MMC (start > run > mmc.exe). Add the "resultant set of policies" snap-in. Right click the tool and click "generate RSOP data". Now you can browse to the setting that you want to check.
If you found the setting scroll right to see wich policy defined it.

Author Comment

ID: 21914739
i checked through RSOP but do not see the user configuration\administrative templates\start menu and taskbar\remove and prevent access to the shutdown command.  In fact there are no items displayed from user configuration\administrative templates\start menu and taskbar\ although there is on the GPO from the computer and username I checked.  (ie.  remove Links and Access to Windows Update).


Author Comment

ID: 22518763
How can I restore it so the shutdown menu reappears?

Accepted Solution

minvis earned 50 total points
ID: 22548067
You can try two options:

- Confugure it in the local computer policy (start -> run -> gpedit.msc)
- Configure it on an OU (active directory users and computers)

I would prefere using OU's because it's less work.

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question