Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Restricting users from shutting off server

Posted on 2016-09-23
13
Medium Priority
?
59 Views
Last Modified: 2016-09-23
Hi, on 2 occasions one of the users in our west coast office has tried restarting the Remote Desktop server in east coast office but accidentally selects option to shut it down instead of restarting so server remains off rest of the evening. Is there a way to block these users from being able to do this? Thanks
0
Comment
Question by:dankyle67
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 3
  • 3
13 Comments
 
LVL 56

Expert Comment

by:McKnife
ID: 41812378
What server OS?
on Win2k member servers: users may do it.
2003 member servers: power users may do it
2008 and higher member servers: only admins and backup operators may shut those down
On Domain controllers: no matter what OS, only admins may shut it down.

Or are your users admins?
0
 
LVL 12

Expert Comment

by:Gary Dewrell
ID: 41812380
You can do it with Group Policy. In the GPO, navigate to: User Config > Policies > Admin Templates > Start Menu > Remove and prevent access to the Shut Down, Restart, Sleep and Hibernate Commands.
0
 

Author Comment

by:dankyle67
ID: 41812416
this is on windows 2012 so as long as they are not domain admins then they cannot perform a shutdown of the server?  I will double check and will also take a look at restricting them using the advised gpo steps.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:dankyle67
ID: 41812434
Also. on 2012 server i was trying to use gpmc.msc to access gpo but didnt come up so is this correct or is there another way to access gpo
0
 
LVL 12

Expert Comment

by:Gary Dewrell
ID: 41812443
This GPO setting is available on a 2012 server.
Logon to server.
Start Server Manager
Click on Tools
Click on Group Policy Management.
Either create a new GPO or modify an existing GPO. (Be careful you probably do not want to apply this to all workstations.

Use path above to set he appropriate settings.
0
 

Author Comment

by:dankyle67
ID: 41812464
I went there before and the group policy management option is not listed so is this supposed to be done on one of the domain controllers?  The 2012 server i was trying to look for it on is a remote desktop server.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 41812469
" so as long as they are not domain admins then they cannot perform a shutdown of the server? " - As long as they are not admins on that server, they cannot shut it down.
0
 
LVL 12

Accepted Solution

by:
Gary Dewrell earned 1000 total points
ID: 41812473
Ah, yes, those instructions are for doing it on a DC with Group Policy.
If you want to do it on a single server you can.
Just click on the windows Icon and type Local Group Policy Editor.
Then follow the instructions above.
0
 

Author Comment

by:dankyle67
ID: 41812499
I wasnt sure which windows logo you meant so i just went to run box and typed gpedit.msc and when i selected admin templates i didnt see start menu option but there was start menu and taskbar line but this doesnt have what you described.
0
 

Author Comment

by:dankyle67
ID: 41812504
Actually i found it
0
 

Author Comment

by:dankyle67
ID: 41812535
Ok i enabled the restriction so was wondering if i log in as domain admin on that server, will i also not be able to see the power button or does it only affect non domain admin users?
0
 
LVL 56

Assisted Solution

by:McKnife
McKnife earned 1000 total points
ID: 41812546
It is for all users that this policy applies to. Why even use it? Are your users admins? If not, they cannot shutdown the server. If they are admins however, no restriction will keep them from undoing it.
0
 

Author Comment

by:dankyle67
ID: 41812559
One of the users is a domain admin but i plan on removing him from that group so then nobody should be able to shut down server by accident.  Thanks for all the help
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question