?
Solved

Newly created domain user account added as local administrator cannot reboot server ?

Posted on 2015-01-07
9
Medium Priority
?
191 Views
Last Modified: 2015-01-08
Hi folks,

I have created one new domain user called HelpDesk_Admin in my AD console, I have also granted this AD account as the Local Administrators manually one by one in all of my Windows Server default builtin security group.

I can now login to the server with this DOMAIN\HelpDesk_Admin account, but somehow I cannot reboot or shutdown the server for Windows Update purpose ?

how can I grant the ability to reboot the server with this user ?

Thanks
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 7

Accepted Solution

by:
Deadman earned 400 total points
ID: 40537183
check Server default builtin security group add in GPO.

Start-->Run-->Type secpol.msc--->Local policies-->User rights assignment---> Look for Shut down the system--> Check your Server default builtin security group added.
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40537225
ok, if there are hundreds of the Windows Servers, how can I automate this?
or do i need to logon manually to the server one by one again?
0
 
LVL 25

Assisted Solution

by:NVIT
NVIT earned 400 total points
ID: 40537307
I haven't tested this but... If you get a list of servers in a text file, you might be able to use psexec and ntrights. Maybe something like:
psexec @servers.txt -u domain\adminname -p password ntrights -U "DOMAIN\HelpDesk_Admin" +R SeShutdownPrivilege

Open in new window

You should first test it with a user to confirm that it works.
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 25

Assisted Solution

by:Sekar Chinnakannu
Sekar Chinnakannu earned 400 total points
ID: 40537308
you cna verify the server which you exactly you looking if not, you can configure the same on group policy
0
 
LVL 56

Assisted Solution

by:McKnife
McKnife earned 400 total points
ID: 40537381
Of course you can also solve this with GPOs, but first test if that really IS the problem. So take one server, open secpol.msc and look at that right assignment.
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 400 total points
ID: 40538279
Using GPO's would be much more efficient and also Domain GPO's override local policies by default. So if there are local policies that are preventing these tasks having them setup via GPO would override these server settings locally.

GPO is also better because when you add new servers in to the OU where this policy is applied your Group will be automatically added.

Will.
0
 
LVL 8

Author Closing Comment

by:Senior IT System Engineer
ID: 40539256
Thanks man !
0
 
LVL 25

Expert Comment

by:NVIT
ID: 40539276
@ITSystemEngineer. Thanks for the update.
Did you have a chance to try any of these solutions? Just curious which you decided to try and if it worked.
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40539302
I tried the domain GPO for the security policies.

It is now working as expected.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses
Course of the Month11 days, 20 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question