Shutdown/Removed Power User rights from desktop

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have removed users from the power user group and now they belong to the
Domain User group on the desktops. Now they have to logoff before the
shutdown option is available. Where do I change this setting back to allow a
Shutdown, Restart or Logoff option or is this available only if you are a
member of the Power User group.

Thanks in advance

Cindy
 
Hello Cindy,

Here is an article that may help you:

HOW TO: Make the Shutdown Button Unavailable in the Logon Dialog Box in
Windows Server 2003
http://support.microsoft.com/default.aspx?scid=KB;EN-US;816569

Thank you.

Diana [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Thread-Topic: Shutdown/Removed Power User rights from desktop
| thread-index: AcU5TNe5GkUHzGBRRTOYE5kT/M2mJg==
| X-WBNR-Posting-Host: 66.46.10.196
| From: "=?Utf-8?B?Q2luZHk=?=" <[email protected]>
| Subject: Shutdown/Removed Power User rights from desktop
| Date: Mon, 4 Apr 2005 12:31:04 -0700
| Lines: 12
| Message-ID: <[email protected]>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.win2000.security
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.win2000.security:13082
| X-Tomcat-NG: microsoft.public.win2000.security
|
| I have removed users from the power user group and now they belong to the
| Domain User group on the desktops. Now they have to logoff before the
| shutdown option is available. Where do I change this setting back to
allow a
| Shutdown, Restart or Logoff option or is this available only if you are a
| member of the Power User group.
|
| Thanks in advance
|
| Cindy
|
|
|
|


This posting is provided "AS IS" with no warranties, and confers no rights.


(e-mail address removed)
 
Thank you......I have this article but I don't have a Start Menu & Taskbar
option. Also this is when the users are logging off. They have to logoff
before the there options are available.
 
Normally users can shutdown their computers. Possibly this was changed in
domain policy. On one of those computer open Local Security Policy
[secpol.msc] and go to security settings/local policies/user rights and look
at the "effective" setting for the user right for "shut down the system". If
the users group is not present you can add it. You would want to do such at
the domain or Organizational Unit Level where that security policy is
defined. The support tool gpresult will show what computer configuration
group policies are applying to the computer. It would be best to define it
in the policy "closest" to the computer such at the OU level GPO if one is
used. Otherwise it probably is defined in Domain Security Policy. --- Steve
 
Thanks, Steve. The Local Security Policy indicates that users have this
right, but the effective policy is "greyed out", does that mean the effective
policy is coming from the Doman Security Policy. I opened the "DMS" and the
status was not defined, so I added both Administrators and Domain Users. I
have the support tools installed but can not find gpresult. Where do I get
this?

Cindy

Steven L Umbach said:
Normally users can shutdown their computers. Possibly this was changed in
domain policy. On one of those computer open Local Security Policy
[secpol.msc] and go to security settings/local policies/user rights and look
at the "effective" setting for the user right for "shut down the system". If
the users group is not present you can add it. You would want to do such at
the domain or Organizational Unit Level where that security policy is
defined. The support tool gpresult will show what computer configuration
group policies are applying to the computer. It would be best to define it
in the policy "closest" to the computer such at the OU level GPO if one is
used. Otherwise it probably is defined in Domain Security Policy. --- Steve


Cindy said:
I have removed users from the power user group and now they belong to the
Domain User group on the desktops. Now they have to logoff before the
shutdown option is available. Where do I change this setting back to
allow a
Shutdown, Restart or Logoff option or is this available only if you are a
member of the Power User group.

Thanks in advance

Cindy
Click to expand...
Click to expand...
 
You should still be able to read the effective policy even if it is grayed
out to see if users are included but at least you know you have an
overriding policy applying from somewhere. You will need to run support
tools from the folder where they are installed or specify the full path to
them. If a security policy setting is undefined it may have been define at
one time. You could try defining it with all the groups that you need to
have that user right. Then run secedit /refreshpolicy machine_policy
/enforce first on the domain controller and then on the client computer to
see if that changes effective policy. If that does not help you need to find
what Group Policies/computer configuration are being applied to those
computers and reconfigure the policy that is being applied to the computers
at that level. Gpresult will show you something like below which I ran on my
computer for applied Group Policy objects. --- Steve

COMPUTER SETTINGS
------------------
CN=STEVE-XP,CN=Computers,DC=umbach1,DC=com
Last time Group Policy was applied: 4/7/2005 at 1:25:14 PM
Group Policy was applied from: server1-2000.umbach1.com
Group Policy slow link threshold: 500 kbps

Applied Group Policy Objects
-----------------------------
Default Domain Policy
Local Group Policy


Cindy said:
Thanks, Steve. The Local Security Policy indicates that users have this
right, but the effective policy is "greyed out", does that mean the
effective
policy is coming from the Doman Security Policy. I opened the "DMS" and
the
status was not defined, so I added both Administrators and Domain Users.
I
have the support tools installed but can not find gpresult. Where do I
get
this?

Cindy

Steven L Umbach said:
Normally users can shutdown their computers. Possibly this was changed in
domain policy. On one of those computer open Local Security Policy
[secpol.msc] and go to security settings/local policies/user rights and
look
at the "effective" setting for the user right for "shut down the system".
If
the users group is not present you can add it. You would want to do such
at
the domain or Organizational Unit Level where that security policy is
defined. The support tool gpresult will show what computer configuration
group policies are applying to the computer. It would be best to define
it
in the policy "closest" to the computer such at the OU level GPO if one
is
used. Otherwise it probably is defined in Domain Security Policy. ---
Steve


Cindy said:
I have removed users from the power user group and now they belong to
the
Domain User group on the desktops. Now they have to logoff before the
shutdown option is available. Where do I change this setting back to
allow a
Shutdown, Restart or Logoff option or is this available only if you are
a
member of the Power User group.

Thanks in advance

Cindy
Click to expand...
Click to expand...
Click to expand...
 
YES, YES, YES, IT WORKS NOW......The settings was in the Default Domain
Controller Policy, Computer Configuration, Windows Settings, Security
Settings, Local Policies, User Rights Assignment, Shutdown the system. I
have to mention though that the Power User group was not in here, but I do
see an entry for *S-1-5-32-547.

Thanks again for all your help.

Cindy

Steven L Umbach said:
You should still be able to read the effective policy even if it is grayed
out to see if users are included but at least you know you have an
overriding policy applying from somewhere. You will need to run support
tools from the folder where they are installed or specify the full path to
them. If a security policy setting is undefined it may have been define at
one time. You could try defining it with all the groups that you need to
have that user right. Then run secedit /refreshpolicy machine_policy
/enforce first on the domain controller and then on the client computer to
see if that changes effective policy. If that does not help you need to find
what Group Policies/computer configuration are being applied to those
computers and reconfigure the policy that is being applied to the computers
at that level. Gpresult will show you something like below which I ran on my
computer for applied Group Policy objects. --- Steve

COMPUTER SETTINGS
------------------
CN=STEVE-XP,CN=Computers,DC=umbach1,DC=com
Last time Group Policy was applied: 4/7/2005 at 1:25:14 PM
Group Policy was applied from: server1-2000.umbach1.com
Group Policy slow link threshold: 500 kbps

Applied Group Policy Objects
-----------------------------
Default Domain Policy
Local Group Policy


Cindy said:
Thanks, Steve. The Local Security Policy indicates that users have this
right, but the effective policy is "greyed out", does that mean the
effective
policy is coming from the Doman Security Policy. I opened the "DMS" and
the
status was not defined, so I added both Administrators and Domain Users.
I
have the support tools installed but can not find gpresult. Where do I
get
this?

Cindy

Steven L Umbach said:
Normally users can shutdown their computers. Possibly this was changed in
domain policy. On one of those computer open Local Security Policy
[secpol.msc] and go to security settings/local policies/user rights and
look
at the "effective" setting for the user right for "shut down the system".
If
the users group is not present you can add it. You would want to do such
at
the domain or Organizational Unit Level where that security policy is
defined. The support tool gpresult will show what computer configuration
group policies are applying to the computer. It would be best to define
it
in the policy "closest" to the computer such at the OU level GPO if one
is
used. Otherwise it probably is defined in Domain Security Policy. ---
Steve


I have removed users from the power user group and now they belong to
the
Domain User group on the desktops. Now they have to logoff before the
shutdown option is available. Where do I change this setting back to
allow a
Shutdown, Restart or Logoff option or is this available only if you are
a
member of the Power User group.

Thanks in advance

Cindy
Click to expand...
Click to expand...
Click to expand...
 
Back
Top