Solved

Disabling the shutdown option on desktop workstations through GPO in AD.

Posted on 2008-10-22
9
248 Views
Last Modified: 2012-05-05
I have searched and haven't found an option that does what I need to do.  Basically I need to disable the shutdown function of all desktop workstations (I have highlighted the OU in the picture below) so that I make sure users don't shut down thier computers at night so that nightly mandatory virii scans can kick off and complete.

Thanks in advance for you help.
desktop.ou.jpg
0
Comment
Question by:corphealth
  • 4
  • 3
  • 2
9 Comments
 
LVL 2

Expert Comment

by:calepantke
ID: 22777754
Apply this setting through GPOs for that particular OU.

User, Administrative Templates, Start Menu and Taskbar, Remove and prevent access to the Shut Down command (enable)

0
 
LVL 8

Expert Comment

by:mikainz
ID: 22777812
you'd better try to implement some wake on lan scripts before scanning the machines.
The GPO prevents from shutdown via UI, but what about pressing the OFF button at the PC ?
0
 

Author Comment

by:corphealth
ID: 22777913
"Apply this setting through GPOs for that particular OU.

User, Administrative Templates, Start Menu and Taskbar, Remove and prevent access to the Shut Down command (enable)"
Won't work? I want it on a per machine basis and not per user.  I don't want a user that uses a laptop to be affected by this.  For instance if i have a user that uses both a laptop and desktop, besides that OU that is highlighted makes only references to computers and not users, therefore it won't apply to any users.

Please advise me! =)
0
 

Author Comment

by:corphealth
ID: 22777929

"you'd better try to implement some wake on lan scripts before scanning the machines.
The GPO prevents from shutdown via UI, but what about pressing the OFF button at the PC ?"

Good call, I will have to look into this after I sucesfully remove the shutdown option.
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 8

Expert Comment

by:mikainz
ID: 22778004
Why don't you just walk on to step 2 and implement the wake on lan and all your 'preventing shutdown' concerns a blown away?
0
 
LVL 2

Accepted Solution

by:
calepantke earned 500 total points
ID: 22778128
" I don't want a user that uses a laptop to be affected by this. "
You only apply that setting to a GPO that applies to the Desktop OU.

"besides that OU that is highlighted makes only references to computers and not users, therefore it won't apply to any users."
You can turn on Loopback processing mode MERGE and it will apply the user settings.
0
 

Author Comment

by:corphealth
ID: 22778145
"Why don't you just walk on to step 2 and implement the wake on lan and all your 'preventing shutdown' concerns a blown away?"
Becuase that is not what I was told to do, That is not how we want to go about it at this time.  What I want to do is stated above.

Thanks
0
 
LVL 2

Expert Comment

by:calepantke
ID: 22784633
What I mentioned above should work just fine. Let me know when you try it out.
0
 

Author Closing Comment

by:corphealth
ID: 31508788
Thanks, it worked great.  Just as an extra, I wrote a vbscript for helpdesk (just to simplify the shutdown command for them) to use in case they need to reboot a remote users pc, has been working great, thanks for the help.  
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Join & Write a Comment

As network administrators; we know how hard it is to track user’s login/logout using security event log (BTW it is harder now in windows 2008 because user name is always “N/A” in the grid), and most of us either get 3rd party tools, or just make our…
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now