Allow or Prevent Non-Admin Users from Reboot/Shutdown Windows

In this text we’ll look on find out how to handle non-admin person permissions to restart or shutdown of Windows computer systems or servers. By default, non-privileged customers can restart or shutdown solely desktop Windows variations, and can’t restart a Windows Server (shutdown and restart buttons are usually not accessible within the Start menu). Is it doable to permit a person with out native administrator privileges to restart Windows Server? There can also be an inverse activity — find out how to stop customers from restarting a Windows 10 pc used as an info kiosk, a dispatcher console, and so on.

Allow/Prevent Shutdown and Reboot Options for Windows Users through GPO

You can set the permissions to restart or shutdown Windows utilizing the Shut down the system parameter within the GPO part Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment.

Please be aware that the default restart/shutdown permissions for desktop Windows 10 and Windows Server editions are totally different.

Open the Local Group Policy Editor () and go to the part specified above. As you may see, the members of native teams Administrators, Users and Backup Operators have the permissions to shutdown/reboot a pc working Windows 10.

Shut down the system - allow user to shutdown/restart windows via gpo

On Windows Server 2016/2012 R2 solely Administrators or Backup Operators can shutdown or restart a server. It is cheap and sound, since most often a non-admin person should not have the privileges to shutdown a distant server (even when it occurs often). Just think about an RDSH server that’s typically shuts down since customers by chance click on on the “Shutdown” button within the Start menu…

However, there isn’t a rule with out exception. So if you wish to permit a non-privileged person to restart your Windows Server, simply add their accounts to this coverage.

Or, vice versa, you need to stop customers of desktop Windows 10 editions from restarting the pc that fulfills some server perform. In this case, simply take away Users group from Shut down the system native coverage.

In the identical approach you may stop (or permit) shutdown/reboot for all computer systems within the particular OU of your Active Directory area utilizing the area coverage.

In the area Group Policy editor (gpmc.msc), create a brand new coverage Prevent_Shutdown, configure the parameters of your “Shut down the system” coverage in accordance with your necessities and assign it to the OU containing computer systems or servers.

Allow Remote Shutdown/Restart with out Admin Permissions

You can even permit some customers to restart your Windows Server remotely utilizing the shutdown command with out granting them native administrator privileges or the .

To do it, add a person account to the Force shutdown from a distant system coverage in the identical GPO part (User Rights Assignment).

By default, solely directors can shutdown the server remotely. Add a person account to the coverage.

gpo to allow remote windows restart: Force shutdown from a remote system

After that the person will get the SeRemoteShutdown privilege and can be capable of restart the server remotely utilizing this command:

shutdown -m hamb-rds01 -r -f -t zero

How to Remove Shutdown/Restart Options in Windows 10?

Also, there’s a particular coverage that enables to take away the Shutdown, Restart and Hibernate choices from the Start display screen or Start menu. The coverage is named Remove and Prevent Access to the Shut Down, Restart, Sleep, and Hibernate instructions and is situated within the following GPO part: User Configuration -> Administrative Templates -> Start Menu and Taskbar.

Group Policy: Remove and Prevent Access to the Shut Down, Restart, Sleep, and Hibernate commands - remove Options in Windows 10 Start Menu

After you allow this coverage, a person shall be in a position solely to disconnect the present session. The Shutdown, Sleep and Restart buttons will grow to be unavailable.

start menu

How to Find Out Who Restarted/Shutdown a Windows Server?

After you may have granted a person the privileges to restart your servers, chances are you’ll need to know who restarted a server: a person or one of many directors.

To do it, use the Event Viewer (eventvwr.msc) log. Go to Windows Logs -> System and filter the log by the Event ID 1074.

filte events by 1074 restart event id

As you may see, there are the occasions of server restart within the log within the chronological order. The occasion description exhibits the restart time, the rationale and the account that restarted the server.

Log Name:System
Source: User32
EventID: 1074
The course of C:Windowssystem32shutdown.exe (BE-BAK01) has initiated the restart of pc BE-BAK01 on behalf of person corpjsmith for the next motive: No title for that reason could possibly be discovered
Reason Code: 0x800000ff
Shutdown Type: restart
Comment:

EventID: 1074 The process C:Windowssystem32shutdown.exe has initiated the restart of computer on behalf of user for the following reason: Reason Code: 0x800000ff Shutdown Type: restart

In the identical approach, you will get the details about latest Windows shutdown occasions. To do it, filter the logs by the Event ID 1076.

Check Also

How to Remove Built-in Apps, Features & Editions from a Windows 10 Install Image…

In this information we’ll present how to take away Microsoft Store provisioned apps, options (capabilities), …

Leave a Reply

Your email address will not be published. Required fields are marked *