In this text we’ll look on find out how to handle non-admin person permissions to restart or shutdown of Windows computer systems or servers. By default, non-privileged customers can restart or shutdown solely desktop Windows variations, and can’t restart a Windows Server (shutdown and restart buttons are usually not accessible within the Start menu). Is it doable to permit a person with out native administrator privileges to restart Windows Server? There can also be an inverse activity — find out how to stop customers from restarting a Windows 10 pc used as an info kiosk, a dispatcher console, and so on.
Allow/Prevent Shutdown and Reboot Options for Windows Users through GPO
You can set the permissions to restart or shutdown Windows utilizing the Shut down the system parameter within the GPO part Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment.
Please be aware that the default restart/shutdown permissions for desktop Windows 10 and Windows Server editions are totally different.
Open the Local Group Policy Editor () and go to the part specified above. As you may see, the members of native teams Administrators, Users and Backup Operators have the permissions to shutdown/reboot a pc working Windows 10.
On Windows Server 2016/2012 R2 solely Administrators or Backup Operators can shutdown or restart a server. It is cheap and sound, since most often a non-admin person should not have the privileges to shutdown a distant server (even when it occurs often). Just think about an RDSH server that’s typically shuts down since customers by chance click on on the “Shutdown” button within the Start menu…
However, there isn’t a rule with out exception. So if you wish to permit a non-privileged person to restart your Windows Server, simply add their accounts to this coverage.
Or, vice versa, you need to stop customers of desktop Windows 10 editions from restarting the pc that fulfills some server perform. In this case, simply take away Users group from Shut down the system native coverage.
In the identical approach you may stop (or permit) shutdown/reboot for all computer systems within the particular OU of your Active Directory area utilizing the area coverage.
In the area Group Policy editor (gpmc.msc), create a brand new coverage Prevent_Shutdown, configure the parameters of your “Shut down the system” coverage in accordance with your necessities and assign it to the OU containing computer systems or servers.
Allow Remote Shutdown/Restart with out Admin Permissions
You can even permit some customers to restart your Windows Server remotely utilizing the
shutdown command with out granting them native administrator privileges or the .
To do it, add a person account to the Force shutdown from a distant system coverage in the identical GPO part (User Rights Assignment).
By default, solely directors can shutdown the server remotely. Add a person account to the coverage.
After that the person will get the SeRemoteShutdown privilege and can be capable of restart the server remotely utilizing this command:
shutdown -m hamb-rds01 -r -f -t zero
How to Remove Shutdown/Restart Options in Windows 10?
Also, there’s a particular coverage that enables to take away the Shutdown, Restart and Hibernate choices from the Start display screen or Start menu. The coverage is named Remove and Prevent Access to the Shut Down, Restart, Sleep, and Hibernate instructions and is situated within the following GPO part: User Configuration -> Administrative Templates -> Start Menu and Taskbar.
After you allow this coverage, a person shall be in a position solely to disconnect the present session. The Shutdown, Sleep and Restart buttons will grow to be unavailable.
How to Find Out Who Restarted/Shutdown a Windows Server?
After you may have granted a person the privileges to restart your servers, chances are you’ll need to know who restarted a server: a person or one of many directors.
To do it, use the Event Viewer (eventvwr.msc) log. Go to Windows Logs -> System and filter the log by the Event ID 1074.
As you may see, there are the occasions of server restart within the log within the chronological order. The occasion description exhibits the restart time, the rationale and the account that restarted the server.
Log Name:System Source: User32 EventID: 1074 The course of C:Windowssystem32shutdown.exe (BE-BAK01) has initiated the restart of pc BE-BAK01 on behalf of person corpjsmith for the next motive: No title for that reason could possibly be discovered Reason Code: 0x800000ff Shutdown Type: restart Comment:
In the identical approach, you will get the details about latest Windows shutdown occasions. To do it, filter the logs by the Event ID 1076.