Solved

Restrict User to Reboot Server

Posted on 2010-08-19
9
445 Views
Last Modified: 2012-06-21
I have a situation where I need to give a user remote access to reboot a server and nothing else. The server that would need to be rebooted is running 2003 Server R2 Standard. The user would be coming into the environment through a 2008 Small Business Server using Remote Web Workplace. What would be the best way to accomplish this.
0
Comment
Question by:nriacone
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 1

Accepted Solution

by:
mcsestretch earned 167 total points
ID: 33474395
Grant the user the "Shut down the system" user right in the security settings on the 2003 Server.
If the computer isn't part of a domain, go to Local Security Settings - Local Policies - User Rights Assignment.

If it is part of a domain, you'll need to make sure that setting isn't defined in the domain policy then follow the steps above.
0
 
LVL 11

Assisted Solution

by:Coast-IT
Coast-IT earned 167 total points
ID: 33474411
You could allow him in through RWW as you say, then grant access to the server in question.

Lock down the remote connection for the user in question using this template (may want to change a couple of things)

http://support.microsoft.com/kb/278295

Apart from - make sure user has access to the shutdown restart option.

That imho is the best plan of attack.
0
 
LVL 6

Assisted Solution

by:Joshua1909
Joshua1909 earned 166 total points
ID: 33474467
Another option is to download pstools from here: http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx (It is a command line utility.)

What you could do is write a simple batch file like this:
-------
psshutdown \\192.168.1.100 -u username -p password -f -t 00
-------
Save that as reboot.bat or whatever then convert it to an .exe file with http://download.cnet.com/Bat-To-Exe-Converter/3000-2069_4-10555897.html

Put the .exe you created and the psshutdown .exe you downloaded in the first step into the same folder on the user's computer--and run it.

The user doesn't even see the username and password being used to restart the server, and all they have to do is run the file!
0
 
LVL 11

Expert Comment

by:Coast-IT
ID: 33474538
The user is coming in via RWW though, so he is coming in from external anyway.  Whatever he connects to he will need a username and password.

The easiest thing would be just to give the reboot button once he has logged in.

So when you are talking about the "users computer", the user it outside of the office.....
0
Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

 
LVL 6

Expert Comment

by:Joshua1909
ID: 33474657
@Coast-IT Yes that's true. However RWW gives him the ability to connect to another machine on the network. I don't know why the OP want's to reboot the server, but on the chance that it's because of a server session issue, or even if he just doesn't want the user to log onto the server then he has another option.
0
 

Author Comment

by:nriacone
ID: 33496905
Please excuse the delay in responding to your suggestions. I have not been able to get access to the system for the last week. I will hopefully be testing the suggestions this week and post my results.
Thanks,
Nick
0
 
LVL 11

Expert Comment

by:Coast-IT
ID: 33540098
Any news?
0
 

Author Comment

by:nriacone
ID: 33549172
Other system issues consumed my week. I will try the suggestions by the end of next week.
Thanks,
Nick
0
 

Author Closing Comment

by:nriacone
ID: 34219047
The user in question has since changed positions in the company and this is no longer an issue. I divided the points evenly. Thank you for the information and I will keep it in mind for any future issues.
Thanks,
0

Featured Post

The problems with reply email signatures

Do you wish that you could place an email signature under a reply? Well, unfortunately, you can't. That great Exchange/Office 365 signature you've created will just appear at the bottom of an email chain. What a pain! Is there really no way to solve this? Well, there might be...

Join & Write a Comment

You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now