Remove the ability to reboot servers from helpdesk user's.
What is your recommendations or the best way to remove the ability to reboot servers from helpdesk technicians, analysts etc?
Even if it is on a per server basis I would like to know your thoughts.
Even if it is on a per server basis I would like to know your thoughts.
Sr. Network & Server Engineer
CERTIFIED EXPERT
I would deploy a GPO to remove and prevent access to the shutdown, restart, sleep, and hibernate commands
Network Administrator
On a user basis or a computer basis?
And how do I allow power user's to reboot with such in place?
And how do I allow power user's to reboot with such in place?
Sr. Network & Server Engineer
CERTIFIED EXPERT
You would do it through the per computer configuration, however when you add the GPO you would apply the security settings to a group so you could apply the permissions to a particular set of users, leaving your power users the capability to reboot ect as required
To allow power users to reboot their workstations, make sure your Computers and Servers are in different OUs and link the GPO I mentioned to the Servers OU.
Network Administrator
Jmac you're enabling the hightlighted option and applying to the helpdesk technicians OU?
CERTIFIED EXPERT
Adam, your right but you can also remove the run command in that group as well. Or you can edit the security properties of the shutdown.exe and deny it for any user you want.
CERTIFIED EXPERT
Hey Adam, just so you know... I agree with you and had I saw your post before I posted, I wouldn't have posted my solution but geeze you don't have to be so snarky dude.
