• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 203
  • Last Modified:

Newly created domain user account added as local administrator cannot reboot server ?

Hi folks,

I have created one new domain user called HelpDesk_Admin in my AD console, I have also granted this AD account as the Local Administrators manually one by one in all of my Windows Server default builtin security group.

I can now login to the server with this DOMAIN\HelpDesk_Admin account, but somehow I cannot reboot or shutdown the server for Windows Update purpose ?

how can I grant the ability to reboot the server with this user ?

Thanks
0
Senior IT System Engineer
Asked:
Senior IT System Engineer
5 Solutions
 
DeadmanIT ConsultantCommented:
check Server default builtin security group add in GPO.

Start-->Run-->Type secpol.msc--->Local policies-->User rights assignment---> Look for Shut down the system--> Check your Server default builtin security group added.
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
ok, if there are hundreds of the Windows Servers, how can I automate this?
or do i need to logon manually to the server one by one again?
0
 
NVITCommented:
I haven't tested this but... If you get a list of servers in a text file, you might be able to use psexec and ntrights. Maybe something like:
psexec @servers.txt -u domain\adminname -p password ntrights -U "DOMAIN\HelpDesk_Admin" +R SeShutdownPrivilege

Open in new window

You should first test it with a user to confirm that it works.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
Sekar ChinnakannuStaff EngineerCommented:
you cna verify the server which you exactly you looking if not, you can configure the same on group policy
0
 
McKnifeCommented:
Of course you can also solve this with GPOs, but first test if that really IS the problem. So take one server, open secpol.msc and look at that right assignment.
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
Using GPO's would be much more efficient and also Domain GPO's override local policies by default. So if there are local policies that are preventing these tasks having them setup via GPO would override these server settings locally.

GPO is also better because when you add new servers in to the OU where this policy is applied your Group will be automatically added.

Will.
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
Thanks man !
0
 
NVITCommented:
@ITSystemEngineer. Thanks for the update.
Did you have a chance to try any of these solutions? Just curious which you decided to try and if it worked.
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
I tried the domain GPO for the security policies.

It is now working as expected.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now