Solved

How to disable shutdown -i via group policy

Posted on 2014-10-10
13
259 Views
Last Modified: 2014-10-23
We've been having an issue where computers have been logged off or shutdown randomly. I thought it might be shutdown - i but command prompt is disabled. However, we figured out that a student was using visual pro to open command prompt then do a shutdown -i command to remotely mess with machines.

I see there's a way to disable remote shut off via the local security policy, but I haven't been able to locate it in gp.
Thanks for your help!
0
Comment
Question by:PapaSmurff
  • 6
  • 6
13 Comments
 
LVL 47

Expert Comment

by:dstewartjr
ID: 40373782
It's under  User Configuration > Administrative Templates > Start Menu & Taskbar > Remove And Prevent Access To Shut Down Command.
0
 
LVL 13

Expert Comment

by:Rizzle
ID: 40373814
Try disabling access to the command prompt via Group Policy.

This is located under User Configuration\Administrative Templates\System

Does the student have any elevated privileges?
0
 

Author Comment

by:PapaSmurff
ID: 40373836
Dstewartjr - that will remove shutdown from the Start menu. I don't want the shutdown -i command to run.

Command Prompt is disabled via group policy. The students are apparently able to get into a visual pro command prompt and then run the: shutdown - i command

Students are pretty locked down.
Thanks.
0
 
LVL 13

Expert Comment

by:Rizzle
ID: 40373887
Hi,

Another way to stop a user/student shutting down a machine remotely would be to amend the Security Policy (User Rights Assignment) via GPO to only enable certain people to shutdown machines.

Mylocalsecpol
Then when you have found the option double click on it and remove yourdomain.co.uk\user-name or user
0
 

Author Comment

by:PapaSmurff
ID: 40376791
Thanks Roshan Ejaz. Not familiar with how to set that up. Can you provide any helpful links?
Thanks again!
0
 
LVL 13

Expert Comment

by:Rizzle
ID: 40376798
Hopefully this link can help you

http://technet.microsoft.com/en-us/library/dd277307.aspx

If it doesn't help let me know and i will post a step by step on how to do it in my test lab.
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 

Author Comment

by:PapaSmurff
ID: 40377241
Thanks again Roshan Ejaz.  I don't know where to start with that link.. Yeah a step by step would be great!
0
 
LVL 13

Expert Comment

by:Rizzle
ID: 40377291
Log onto the Domain Controller as an administrator/Domain Admin > Open Group Policy Management Console > Ensure the machines which you don't want to be shut down are located within a different OU > Create a new policy and link it here > Open Computer Config > Windows Settings > Security Settings > User Rights Assignment > Select the option Shut Down the system > Activate this policy and then put in there who you want to allow the shut down the system right to.

Once applied restart the target PC, log on as a standard user to test and see if you can shutdown the machine.

I'm not sure about the log off option because I think that would be the minimal required. Lets cross that bridge when we come to it.
0
 

Author Comment

by:PapaSmurff
ID: 40384972
My apologies its been a crazy week. I'll try this and respond when I get a chance to test it out. Thanks a lot!
0
 
LVL 13

Expert Comment

by:Rizzle
ID: 40384977
No problem :)
0
 

Author Comment

by:PapaSmurff
ID: 40396938
Hey Roshan,
 I attempted this this morning, however, I couldn't locate "user rights assignment" in gp. Also, is seems then students wouldn't be able to shutdown any machines. I would like to disable the remote shutdown feature.
Thanks,
Ron
0
 
LVL 13

Accepted Solution

by:
Rizzle earned 500 total points
ID: 40397782
the only way to disable remote shutdown would be to ensure they don't have access to shutdown machines, this is defined in the User Rights Assignments.

Below is a screenshot of my test lab with the policy highlighted.

Also this will ensure only certain people can shutdown the systems you apply the policy to.

User Rights Assignment
0
 

Author Comment

by:PapaSmurff
ID: 40399035
Thanks Roshan. Unfortunately, I'm not going to block access for a local shutdown. Kinda surprised there isn't a remote shutdown option. Thanks again, Ron
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
530 User cannot login, home directory inaccessible 18 38
Raid problem 10 32
SQL Server memory Issue 7 74
system state backup 1 9
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now