Solved

Disabling the shutdown option on desktop workstations through GPO in AD.

Posted on 2008-10-22
9
256 Views
Last Modified: 2012-05-05
I have searched and haven't found an option that does what I need to do.  Basically I need to disable the shutdown function of all desktop workstations (I have highlighted the OU in the picture below) so that I make sure users don't shut down thier computers at night so that nightly mandatory virii scans can kick off and complete.

Thanks in advance for you help.
desktop.ou.jpg
0
Comment
Question by:corphealth
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 2

Expert Comment

by:calepantke
ID: 22777754
Apply this setting through GPOs for that particular OU.

User, Administrative Templates, Start Menu and Taskbar, Remove and prevent access to the Shut Down command (enable)

0
 
LVL 8

Expert Comment

by:mikainz
ID: 22777812
you'd better try to implement some wake on lan scripts before scanning the machines.
The GPO prevents from shutdown via UI, but what about pressing the OFF button at the PC ?
0
 

Author Comment

by:corphealth
ID: 22777913
"Apply this setting through GPOs for that particular OU.

User, Administrative Templates, Start Menu and Taskbar, Remove and prevent access to the Shut Down command (enable)"
Won't work? I want it on a per machine basis and not per user.  I don't want a user that uses a laptop to be affected by this.  For instance if i have a user that uses both a laptop and desktop, besides that OU that is highlighted makes only references to computers and not users, therefore it won't apply to any users.

Please advise me! =)
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:corphealth
ID: 22777929

"you'd better try to implement some wake on lan scripts before scanning the machines.
The GPO prevents from shutdown via UI, but what about pressing the OFF button at the PC ?"

Good call, I will have to look into this after I sucesfully remove the shutdown option.
0
 
LVL 8

Expert Comment

by:mikainz
ID: 22778004
Why don't you just walk on to step 2 and implement the wake on lan and all your 'preventing shutdown' concerns a blown away?
0
 
LVL 2

Accepted Solution

by:
calepantke earned 500 total points
ID: 22778128
" I don't want a user that uses a laptop to be affected by this. "
You only apply that setting to a GPO that applies to the Desktop OU.

"besides that OU that is highlighted makes only references to computers and not users, therefore it won't apply to any users."
You can turn on Loopback processing mode MERGE and it will apply the user settings.
0
 

Author Comment

by:corphealth
ID: 22778145
"Why don't you just walk on to step 2 and implement the wake on lan and all your 'preventing shutdown' concerns a blown away?"
Becuase that is not what I was told to do, That is not how we want to go about it at this time.  What I want to do is stated above.

Thanks
0
 
LVL 2

Expert Comment

by:calepantke
ID: 22784633
What I mentioned above should work just fine. Let me know when you try it out.
0
 

Author Closing Comment

by:corphealth
ID: 31508788
Thanks, it worked great.  Just as an extra, I wrote a vbscript for helpdesk (just to simplify the shutdown command for them) to use in case they need to reboot a remote users pc, has been working great, thanks for the help.  
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question