How to disable shutdown -i via group policy
We've been having an issue where computers have been logged off or shutdown randomly. I thought it might be shutdown - i but command prompt is disabled. However, we figured out that a student was using visual pro to open command prompt then do a shutdown -i command to remotely mess with machines.
I see there's a way to disable remote shut off via the local security policy, but I haven't been able to locate it in gp.
Thanks for your help!
I see there's a way to disable remote shut off via the local security policy, but I haven't been able to locate it in gp.
Thanks for your help!
Don
It's under User Configuration > Administrative Templates > Start Menu & Taskbar > Remove And Prevent Access To Shut Down Command.
Try disabling access to the command prompt via Group Policy.
This is located under User Configuration\Administrati
Does the student have any elevated privileges?
This is located under User Configuration\Administrati
Does the student have any elevated privileges?
ASKER
Dstewartjr - that will remove shutdown from the Start menu. I don't want the shutdown -i command to run.
Command Prompt is disabled via group policy. The students are apparently able to get into a visual pro command prompt and then run the: shutdown - i command
Students are pretty locked down.
Thanks.
Command Prompt is disabled via group policy. The students are apparently able to get into a visual pro command prompt and then run the: shutdown - i command
Students are pretty locked down.
Thanks.
Hi,
Another way to stop a user/student shutting down a machine remotely would be to amend the Security Policy (User Rights Assignment) via GPO to only enable certain people to shutdown machines.
Then when you have found the option double click on it and remove yourdomain.co.uk\user-name
Another way to stop a user/student shutting down a machine remotely would be to amend the Security Policy (User Rights Assignment) via GPO to only enable certain people to shutdown machines.
Then when you have found the option double click on it and remove yourdomain.co.uk\user-name
ASKER
Thanks Roshan Ejaz. Not familiar with how to set that up. Can you provide any helpful links?
Thanks again!
Thanks again!
Hopefully this link can help you
http://technet.microsoft.com/en-us/library/dd277307.aspx
If it doesn't help let me know and i will post a step by step on how to do it in my test lab.
http://technet.microsoft.com/en-us/library/dd277307.aspx
If it doesn't help let me know and i will post a step by step on how to do it in my test lab.
ASKER
Thanks again Roshan Ejaz. I don't know where to start with that link.. Yeah a step by step would be great!
Log onto the Domain Controller as an administrator/Domain Admin > Open Group Policy Management Console > Ensure the machines which you don't want to be shut down are located within a different OU > Create a new policy and link it here > Open Computer Config > Windows Settings > Security Settings > User Rights Assignment > Select the option Shut Down the system > Activate this policy and then put in there who you want to allow the shut down the system right to.
Once applied restart the target PC, log on as a standard user to test and see if you can shutdown the machine.
I'm not sure about the log off option because I think that would be the minimal required. Lets cross that bridge when we come to it.
Once applied restart the target PC, log on as a standard user to test and see if you can shutdown the machine.
I'm not sure about the log off option because I think that would be the minimal required. Lets cross that bridge when we come to it.
ASKER
My apologies its been a crazy week. I'll try this and respond when I get a chance to test it out. Thanks a lot!
No problem :)
ASKER
Hey Roshan,
I attempted this this morning, however, I couldn't locate "user rights assignment" in gp. Also, is seems then students wouldn't be able to shutdown any machines. I would like to disable the remote shutdown feature.
Thanks,
Ron
I attempted this this morning, however, I couldn't locate "user rights assignment" in gp. Also, is seems then students wouldn't be able to shutdown any machines. I would like to disable the remote shutdown feature.
Thanks,
Ron
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Roshan. Unfortunately, I'm not going to block access for a local shutdown. Kinda surprised there isn't a remote shutdown option. Thanks again, Ron