Disabling the shutdown option on desktop workstations through GPO in AD.

Posted on 2008-10-22
Last Modified: 2012-05-05
I have searched and haven't found an option that does what I need to do.  Basically I need to disable the shutdown function of all desktop workstations (I have highlighted the OU in the picture below) so that I make sure users don't shut down their computers at night so that nightly mandatory virus scans can kick off and complete.

Thanks in advance for your help.
desktop.ou.jpg
Question by:corphealth
9 Comments
 
LVL 2

Expert Comment

by:calepantke
ID: 22777754
Apply this setting through GPOs for that particular OU.

User, Administrative Templates, Start Menu and Taskbar, Remove and prevent access to the Shut Down command (enable)

0
 
LVL 8

Expert Comment

by:mikainz
ID: 22777812
You'd better try to implement some wake on lan scripts before scanning the machines.
The GPO prevents shutdown via the UI, but what about pressing the OFF button on the PC?
0
 

Author Comment

by:corphealth
ID: 22777913
"Apply this setting through GPOs for that particular OU.

User, Administrative Templates, Start Menu and Taskbar, Remove and prevent access to the Shut Down command (enable)"
Won't work? I want it on a per machine basis and not per user.  I don't want a user that uses a laptop to be affected by this.  For instance if I have a user that uses both a laptop and desktop, besides that OU that is highlighted makes only references to computers and not users, therefore it won't apply to any users.

Please advise me! =)
0
 

Author Comment

by:corphealth
ID: 22777929

"you'd better try to implement some wake on lan scripts before scanning the machines.
The GPO prevents from shutdown via UI, but what about pressing the OFF button at the PC ?"

Good call, I will have to look into this after I successfully remove the shutdown option.
0
 
LVL 8

Expert Comment

by:mikainz
ID: 22778004
Why don't you just walk on to step 2 and implement the wake on lan and all your 'preventing shutdown' concerns are blown away?
0
 
LVL 2

Accepted Solution

by:
calepantke earned 2000 total points
ID: 22778128
" I don't want a user that uses a laptop to be affected by this. "
You only apply that setting to a GPO that applies to the Desktop OU.

"besides that OU that is highlighted makes only references to computers and not users, therefore it won't apply to any users."
You can turn on Loopback processing mode MERGE and it will apply the user settings.
0
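The accepted approach above (a user-side Start Menu setting delivered through a GPO linked to the desktop OU, with loopback processing in Merge mode) can be scripted as follows. This is an added example, not part of the original posts; it assumes the GroupPolicy PowerShell module (RSAT/GPMC) is installed, and the GPO name and OU distinguished name are placeholders.

```powershell
# Added example: $GpoName and $DesktopOu are placeholders, not values from the thread.
Import-Module GroupPolicy

$GpoName   = 'Desktops - Hide Shut Down'        # hypothetical GPO name
$DesktopOu = 'OU=Desktops,DC=example,DC=com'    # placeholder DN of the desktop OU

$ExplorerKey = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$LoopbackKey = 'HKLM\Software\Policies\Microsoft\Windows\System'

# Create the GPO, or reuse it if it already exists, so the script can be re-run.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Comment 'Hide Shut Down on desktops (loopback merge)'
}

# User Configuration > Administrative Templates > Start Menu and Taskbar >
# "Remove and prevent access to the Shut Down command" = Enabled (NoClose = 1).
Set-GPRegistryValue -Name $GpoName -Key $ExplorerKey `
    -ValueName 'NoClose' -Type DWord -Value 1 | Out-Null

# Computer Configuration > Administrative Templates > System > Group Policy >
# user Group Policy loopback processing mode: 1 = Merge, 2 = Replace.
# Without this, the user setting above is ignored on an OU holding only computers.
Set-GPRegistryValue -Name $GpoName -Key $LoopbackKey `
    -ValueName 'UserPolicyMode' -Type DWord -Value 1 | Out-Null

# Link the GPO to the desktop OU only, so laptops in other OUs are not affected.
$links = (Get-GPInheritance -Target $DesktopOu).GpoLinks
if (-not ($links | Where-Object { $_.DisplayName -eq $GpoName })) {
    New-GPLink -Name $GpoName -Target $DesktopOu -LinkEnabled Yes | Out-Null
}

# Read both values back from the GPO to confirm what was written.
Get-GPRegistryValue -Name $GpoName -Key $ExplorerKey -ValueName 'NoClose'
Get-GPRegistryValue -Name $GpoName -Key $LoopbackKey -ValueName 'UserPolicyMode'
```

After `gpupdate /force` and a fresh logon on a desktop in that OU, `gpresult /r` should list the GPO under the applied user settings. As noted earlier in the thread, this only removes the option from the UI and does not stop someone from using the physical power button.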
 

Author Comment

by:corphealth
ID: 22778145
"Why don't you just walk on to step 2 and implement the wake on lan and all your 'preventing shutdown' concerns a blown away?"
Because that is not what I was told to do. That is not how we want to go about it at this time.  What I want to do is stated above.

Thanks
0
 
LVL 2

Expert Comment

by:calepantke
ID: 22784633
What I mentioned above should work just fine. Let me know when you try it out.
0
 

Author Closing Comment

by:corphealth
ID: 31508788
Thanks, it worked great.  Just as an extra, I wrote a VBScript for helpdesk (just to simplify the shutdown command for them) to use in case they need to reboot a remote user's PC, has been working great, thanks for the help.
0
