Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Restrict User to Reboot Server

Posted on 2010-08-19
9
Medium Priority
?
458 Views
Last Modified: 2012-06-21
I have a situation where I need to give a user remote access to reboot a server and nothing else. The server that would need to be rebooted is running 2003 Server R2 Standard. The user would be coming into the environment through a 2008 Small Business Server using Remote Web Workplace. What would be the best way to accomplish this.
0
Comment
Question by:nriacone
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 1

Accepted Solution

by:
mcsestretch earned 668 total points
ID: 33474395
Grant the user the "Shut down the system" user right in the security settings on the 2003 Server.
If the computer isn't part of a domain, go to Local Security Settings - Local Policies - User Rights Assignment.

If it is part of a domain, you'll need to make sure that setting isn't defined in the domain policy then follow the steps above.
0
 
LVL 11

Assisted Solution

by:Coast-IT
Coast-IT earned 668 total points
ID: 33474411
You could allow him in through RWW as you say, then grant access to the server in question.

Lock down the remote connection for the user in question using this template (may want to change a couple of things)

http://support.microsoft.com/kb/278295

Apart from - make sure user has access to the shutdown restart option.

That imho is the best plan of attack.
0
 
LVL 6

Assisted Solution

by:Joshua1909
Joshua1909 earned 664 total points
ID: 33474467
Another option is to download pstools from here: http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx (It is a command line utility.)

What you could do is write a simple batch file like this:
-------
psshutdown \\192.168.1.100 -u username -p password -f -t 00
-------
Save that as reboot.bat or whatever then convert it to an .exe file with http://download.cnet.com/Bat-To-Exe-Converter/3000-2069_4-10555897.html

Put the .exe you created and the psshutdown .exe you downloaded in the first step into the same folder on the user's computer--and run it.

The user doesn't even see the username and password being used to restart the server, and all they have to do is run the file!
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 11

Expert Comment

by:Coast-IT
ID: 33474538
The user is coming in via RWW though, so he is coming in from external anyway.  Whatever he connects to he will need a username and password.

The easiest thing would be just to give the reboot button once he has logged in.

So when you are talking about the "users computer", the user it outside of the office.....
0
 
LVL 6

Expert Comment

by:Joshua1909
ID: 33474657
@Coast-IT Yes that's true. However RWW gives him the ability to connect to another machine on the network. I don't know why the OP want's to reboot the server, but on the chance that it's because of a server session issue, or even if he just doesn't want the user to log onto the server then he has another option.
0
 

Author Comment

by:nriacone
ID: 33496905
Please excuse the delay in responding to your suggestions. I have not been able to get access to the system for the last week. I will hopefully be testing the suggestions this week and post my results.
Thanks,
Nick
0
 
LVL 11

Expert Comment

by:Coast-IT
ID: 33540098
Any news?
0
 

Author Comment

by:nriacone
ID: 33549172
Other system issues consumed my week. I will try the suggestions by the end of next week.
Thanks,
Nick
0
 

Author Closing Comment

by:nriacone
ID: 34219047
The user in question has since changed positions in the company and this is no longer an issue. I divided the points evenly. Thank you for the information and I will keep it in mind for any future issues.
Thanks,
0

Featured Post

New benefit for Premium Members - Upgrade now!

Ready to get started with anonymous questions today? It's easy! Learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question