Solved

Restricting users from shutting off server

Posted on 2016-09-23
13
48 Views
Last Modified: 2016-09-23
Hi, on 2 occasions one of the users in our west coast office has tried restarting the Remote Desktop server in east coast office but accidentally selects option to shut it down instead of restarting so server remains off rest of the evening. Is there a way to block these users from being able to do this? Thanks
0
Comment
Question by:dankyle67
  • 7
  • 3
  • 3
13 Comments
 
LVL 54

Expert Comment

by:McKnife
ID: 41812378
What server OS?
on Win2k member servers: users may do it.
2003 member servers: power users may do it
2008 and higher member servers: only admins and backup operators may shut those down
On Domain controllers: no matter what OS, only admins may shut it down.

Or are your users admins?
0
 
LVL 12

Expert Comment

by:Gary Dewrell
ID: 41812380
You can do it with Group Policy. In the GPO, navigate to: User Config > Policies > Admin Templates > Start Menu > Remove and prevent access to the Shut Down, Restart, Sleep and Hibernate Commands.
0
 

Author Comment

by:dankyle67
ID: 41812416
this is on windows 2012 so as long as they are not domain admins then they cannot perform a shutdown of the server?  I will double check and will also take a look at restricting them using the advised gpo steps.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:dankyle67
ID: 41812434
Also. on 2012 server i was trying to use gpmc.msc to access gpo but didnt come up so is this correct or is there another way to access gpo
0
 
LVL 12

Expert Comment

by:Gary Dewrell
ID: 41812443
This GPO setting is available on a 2012 server.
Logon to server.
Start Server Manager
Click on Tools
Click on Group Policy Management.
Either create a new GPO or modify an existing GPO. (Be careful you probably do not want to apply this to all workstations.

Use path above to set he appropriate settings.
0
 

Author Comment

by:dankyle67
ID: 41812464
I went there before and the group policy management option is not listed so is this supposed to be done on one of the domain controllers?  The 2012 server i was trying to look for it on is a remote desktop server.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 41812469
" so as long as they are not domain admins then they cannot perform a shutdown of the server? " - As long as they are not admins on that server, they cannot shut it down.
0
 
LVL 12

Accepted Solution

by:
Gary Dewrell earned 250 total points
ID: 41812473
Ah, yes, those instructions are for doing it on a DC with Group Policy.
If you want to do it on a single server you can.
Just click on the windows Icon and type Local Group Policy Editor.
Then follow the instructions above.
0
 

Author Comment

by:dankyle67
ID: 41812499
I wasnt sure which windows logo you meant so i just went to run box and typed gpedit.msc and when i selected admin templates i didnt see start menu option but there was start menu and taskbar line but this doesnt have what you described.
0
 

Author Comment

by:dankyle67
ID: 41812504
Actually i found it
0
 

Author Comment

by:dankyle67
ID: 41812535
Ok i enabled the restriction so was wondering if i log in as domain admin on that server, will i also not be able to see the power button or does it only affect non domain admin users?
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 250 total points
ID: 41812546
It is for all users that this policy applies to. Why even use it? Are your users admins? If not, they cannot shutdown the server. If they are admins however, no restriction will keep them from undoing it.
0
 

Author Comment

by:dankyle67
ID: 41812559
One of the users is a domain admin but i plan on removing him from that group so then nobody should be able to shut down server by accident.  Thanks for all the help
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question