Bad boy Warrior, posted February 6, 2005:

I want to have 1 user who can only shut down/restart the server when required and NOTHING ELSE (not even run programs on the server). Any of you guys have ideas on what would be the best approach for doing this, or what type of user should I create? thx

valter, posted February 6, 2005:

Any user, just assign him the right for this through GPO.

Bad boy Warrior (Author), posted February 11, 2005:

I did that, but every time this user tries to access the server through RDP, it says it can't due to permissions. I don't want to assign admin rights as this would defeat the point. thx

jamesas, posted February 11, 2005:

You will have to assign the right for him to use RDP and be able to log in, and you also might want to apply a few GPOs to block him from accessing any hard drives and so forth.

Bad boy Warrior (Author), posted February 14, 2005:

I right-clicked mstsc.exe and added the user that can shut down the system, but I had the exact same error. What did I do wrong? thx

Br4tt3, posted February 18, 2005:

Do u get the error of: "u r not allowed to logon interactively" (or something like that?) when u try to log on using RDP? In that case it is a matter of permission... If you don't want the guy to log on to a server, for example just to shut down the server... add a service account that can do it for ya and then try to run within that security context from within a script, for example. VBScript would do it for u, where u could hide the pwd and user that u r trying to connect with using crypto (.vbe) and distribute the script to the user or run it remotely... or place it in the scheduler maybe, what do I know...

Hmm... something like this maybe...

```vbscript
'*******************************************************************
' Purpose: Script for restarting a server (not DC)
' Author: Br4tt3
' Date: 2004-09-22
' Company: XXXXXXXXXXXXXXXXXXX
' Version: 0.1
'
' Requirement: Obtain RunAsPwd.exe (freeware) and place in system32.
' Also create an account with appropriate permission in correct
' OU structure. Must be run locally on machine. Remote exec
' not supported.
'*******************************************************************
Option Explicit

Const DomainAccount = "ShutdwnAdmin@company.com"
Const DomainPassword = "ShutdwnAdminpwd"

'*****************************************
' Adding User "ShutdwnAdmin" from AD to
' local Administrator group of computer.
'*****************************************
Dim objInfo, objGroup, objUser, strComputer
Set objInfo = CreateObject("ADSystemInfo")
strComputer = "."
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")
Set objUser = GetObject("WinNT://" & objInfo.DomainShortName & "/ShutdwnAdmin,user")
objGroup.Add(objUser.ADsPath)

'***************************************************************
' Mark: Using RunAsPwd to run the .exe in another security context
' than logged on user. Obtain the .exe from inet as it is
' freeware.
'***************************************************************
Dim WshShell, objSys, WshNetwork, Command
Set WshShell = WScript.CreateObject("WScript.Shell")
Set objSys = CreateObject("ADSystemInfo")
Set WshNetwork = WScript.CreateObject("WScript.Network")
Command = "%WINDIR%\system32\runaspwd.exe -u:" & DomainAccount & " -p:" & DomainPassword & " -e:" & "%WINDIR%\system32\shutdown.exe -r"
WshShell.Run Command, 0, True

'***************************************
' Remove Global Account "ShutdwnAdmin"
' from local Administrators group
'***************************************
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")
Set objUser = GetObject("WinNT://" & objInfo.DomainShortName & "/ShutdwnAdmin,user")
objGroup.Remove(objUser.ADsPath)
```

Tried it once here, at least the machine rebooted... hope this can solve it for u..

un4given1, posted February 23, 2005:

Just run this from a command prompt...

shutdown -i

It will give you a GUI shutdown program. Input the computer name to shut down and there you go.

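Added example, not written by any poster in this thread: a PowerShell check, run elevated on the server, that exports the current user-rights assignments with `secedit` and reports whether an account is listed for the shutdown rights the thread asks for and for the logon rights it is meant to go without. The account name `CONTOSO\ShutdownOperator` is a placeholder; the script only reads policy and changes nothing.

```powershell
# Added example: audit the user rights held by a shutdown-only account.
# Run elevated on the server. The account name is a placeholder (assumption).
param([string]$Account = 'CONTOSO\ShutdownOperator')

# Rights the account should hold, and logon rights it should not need.
$wanted   = 'SeShutdownPrivilege', 'SeRemoteShutdownPrivilege'
$unwanted = 'SeInteractiveLogonRight', 'SeRemoteInteractiveLogonRight'

# Resolve the account to its SID; the secedit export lists holders as *SID.
$sid = ([System.Security.Principal.NTAccount]$Account).Translate(
           [System.Security.Principal.SecurityIdentifier]).Value

# Export only the user-rights area of the current local security policy.
$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

# Build right -> holders from lines like "SeShutdownPrivilege = *S-1-5-32-544,..."
$rights = @{}
foreach ($line in Get-Content $cfg) {
    if ($line -match '^(Se\w+)\s*=\s*(.*)$') {
        $rights[$Matches[1]] = $Matches[2].Split(',') |
            ForEach-Object { $_.Trim().TrimStart('*') }
    }
}
Remove-Item $cfg

function Resolve-Holder([string]$h) {
    # Turn a SID string into DOMAIN\name where possible; leave anything else as is.
    try { ([System.Security.Principal.SecurityIdentifier]$h).Translate(
              [System.Security.Principal.NTAccount]).Value }
    catch { $h }
}

# "Direct" covers direct grants only: a right held through a group shows up
# under Holders and has to be compared with the account's group memberships.
foreach ($right in $wanted + $unwanted) {
    $holders = @($rights[$right]) | Where-Object { $_ }
    [pscustomobject]@{
        Right    = $right
        Expected = if ($right -in $wanted) { 'granted' } else { 'not granted' }
        Direct   = $holders -contains $sid
        Holders  = ($holders | ForEach-Object { Resolve-Holder $_ }) -join '; '
    }
}

# Local Administrators membership would grant everything above implicitly.
# Get-LocalGroupMember requires Windows PowerShell 5.1 or later.
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544'
"In local Administrators: $($admins.SID.Value -contains $sid)"
```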