shutdown permissions

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have to give 2 non-admins the rights to shutdown and restart a W2k SP4 Server and Windows NT Server that are member servers. I have given them the 'shutdown the system' and 'force shutdown from remote system' rights. They are unable to shutdown the systems. What am I missing? Thanks.
 
Check that they are included in the "effective settings" in Local Security Policy on
the machines in question. Possibly a higher priority policy such as domain/OU level
are overriding the policy you set in which case you may need to move them into their
own OU with policy applied from a GPO at that level. --- Steve


mizzleman said:
I have to give 2 non-admins the rights to shutdown and restart a W2k SP4 Server and
Click to expand...
Windows NT Server that are member servers. I have given them the 'shutdown the
system' and 'force shutdown from remote system' rights. They are unable to shutdown
the systems. What am I missing? Thanks.
 
Steve
I t hought about that. The default domain GPO has not been changed since AD was implemented. The 2 rights were left as not defined. I figured the Local Policy would stay in effect. I logged on as the user and ran whoami and it shows the correct rights. I may try to move the machines into their own OU and set the rights that way.
 
Hmm. It should work as you described then, especially if effective settings show the
settings are enabled. If you have an XP Pro machine in the domain you can use the
Group Policy Management Console [see link below] on it to manage W2K domain policy
and it is much improved in helping to display what policy is being applied and from
where. The gpresult tool is also helpful and it shows last time policy was
pplied. --- Steve

http://www.microsoft.com/windowsserver2003/gpmc/default.mspx

mizzleman said:
Steve,
I t hought about that. The default domain GPO has not been changed since AD was
Click to expand...
implemented. The 2 rights were left as not defined. I figured the Local Policy would
stay in effect. I logged on as the user and ran whoami and it shows the correct
rights. I may try to move the machines into their own OU and set the rights that way.
 
That should not make any difference. Mixed mode just allows NT4.0 BDC's to exist in
the domain. But anyhow I guess it still doesn't work yet for you. --- Steve
 
Back
Top