Solved

Restrict User to Reboot Server

Posted on 2010-08-19
9
449 Views
Last Modified: 2012-06-21
I have a situation where I need to give a user remote access to reboot a server and nothing else. The server that would need to be rebooted is running 2003 Server R2 Standard. The user would be coming into the environment through a 2008 Small Business Server using Remote Web Workplace. What would be the best way to accomplish this.
0
Comment
Question by:nriacone
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 1

Accepted Solution

by:
mcsestretch earned 167 total points
ID: 33474395
Grant the user the "Shut down the system" user right in the security settings on the 2003 Server.
If the computer isn't part of a domain, go to Local Security Settings - Local Policies - User Rights Assignment.

If it is part of a domain, you'll need to make sure that setting isn't defined in the domain policy then follow the steps above.
0
 
LVL 11

Assisted Solution

by:Coast-IT
Coast-IT earned 167 total points
ID: 33474411
You could allow him in through RWW as you say, then grant access to the server in question.

Lock down the remote connection for the user in question using this template (may want to change a couple of things)

http://support.microsoft.com/kb/278295

Apart from - make sure user has access to the shutdown restart option.

That imho is the best plan of attack.
0
 
LVL 6

Assisted Solution

by:Joshua1909
Joshua1909 earned 166 total points
ID: 33474467
Another option is to download pstools from here: http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx (It is a command line utility.)

What you could do is write a simple batch file like this:
-------
psshutdown \\192.168.1.100 -u username -p password -f -t 00
-------
Save that as reboot.bat or whatever then convert it to an .exe file with http://download.cnet.com/Bat-To-Exe-Converter/3000-2069_4-10555897.html

Put the .exe you created and the psshutdown .exe you downloaded in the first step into the same folder on the user's computer--and run it.

The user doesn't even see the username and password being used to restart the server, and all they have to do is run the file!
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 11

Expert Comment

by:Coast-IT
ID: 33474538
The user is coming in via RWW though, so he is coming in from external anyway.  Whatever he connects to he will need a username and password.

The easiest thing would be just to give the reboot button once he has logged in.

So when you are talking about the "users computer", the user it outside of the office.....
0
 
LVL 6

Expert Comment

by:Joshua1909
ID: 33474657
@Coast-IT Yes that's true. However RWW gives him the ability to connect to another machine on the network. I don't know why the OP want's to reboot the server, but on the chance that it's because of a server session issue, or even if he just doesn't want the user to log onto the server then he has another option.
0
 

Author Comment

by:nriacone
ID: 33496905
Please excuse the delay in responding to your suggestions. I have not been able to get access to the system for the last week. I will hopefully be testing the suggestions this week and post my results.
Thanks,
Nick
0
 
LVL 11

Expert Comment

by:Coast-IT
ID: 33540098
Any news?
0
 

Author Comment

by:nriacone
ID: 33549172
Other system issues consumed my week. I will try the suggestions by the end of next week.
Thanks,
Nick
0
 

Author Closing Comment

by:nriacone
ID: 34219047
The user in question has since changed positions in the company and this is no longer an issue. I divided the points evenly. Thank you for the information and I will keep it in mind for any future issues.
Thanks,
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question