permissions to reboot (both locally and remotely)

  • Thread starter Thread starter Blake
  • Start date Start date
B

Blake

I have created a domain user and I want to grant it the rights to reboot a
server (this is NOT an admin, either local or domain).

I am looking for the minimum requirements for both a remote shutdown/reboot
as well as a local shutdown/reboot (such as a scheduled task).

I am using SHUTDOWN.EXE currently.

I have given the domain user both 'Force shutdown from a remote system' as
well as 'shut down the system' - but I get errors, most notably:

C:\Program Files\Windows Resource Kits\Tools>shutdown -r -m \\test_server
The operation completed successfully.
A required privilege is not held by the client.

During the local attempt, the scheduled task runs but nothing happens.

Thanks
Blake
 
Blake said:
I have created a domain user and I want to grant it the rights to
reboot a server (this is NOT an admin, either local or domain).

I am looking for the minimum requirements for both a remote
shutdown/reboot as well as a local shutdown/reboot (such as a
scheduled task).
I am using SHUTDOWN.EXE currently.

I have given the domain user both 'Force shutdown from a remote
system' as well as 'shut down the system' - but I get errors, most
notably:
C:\Program Files\Windows Resource Kits\Tools>shutdown -r -m
\\test_server The operation completed successfully.
A required privilege is not held by the client.

During the local attempt, the scheduled task runs but nothing happens.

Thanks
Blake
Click to expand...

Wow, that's a heck of a crosspost!

Not sure if there are easier ways, but one no brainer method might be
Encrypted RunAs (shareware) from http://www.wingnutsoftware.com/ and a
script/shortcut that runs shutdown.exe with the parameters you wish. Then
you can set up the shortcut to use the domain account you wish, without the
end user seeing/accessing the password directly.
 
If you look in the Local Security Policy and copy the User Rights Assignment
for Backup Operators (except for the specific Backup and Restore rights if
you don't want them to be able to do that) that should do it,
Anthony,
http://www.airdesk.co.uk
 
When the user attempts to run the shutdown command, I get event 578:

Win32 Registry/SystemShutdown module
blah blah
Privileges: seShutdownPrivilege

This user DOES have the 'user rights assignment' to shut down the system.
(as well as log on locally, as a batch job - most of the Backup Operators
rights)

Thoughts?
 
the problem here lies when that password must be changed - I'm trying to
tighten security and create an ID that can reboot the servers and not much
else. The rights seem to exist in the security policies....

Blake

"Lanwench [MVP - Exchange]"
 
I had a group policy overriding the one I was using to give the user
permissions to shut down the system.

all the user needs is 'shut down system' and 'log on as a batch job' for the
scheduled task to run.

Thanks
Blake
 
Back
Top