Announcement

Collapse
No announcement yet.

Remotly Restart the System

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Remotly Restart the System

    Hi Friends ,

    We are having win 2000server and Active directory setup in my office. all the users are logged in with their own user name and passwords and all the users are local administrator of their pc ....and i need to give the local administrator rights because with out it my software will not work fine ...so ...and now some of the advance users start miss using their rights ..they are start rebooting the remote system ..They have not installed any additional software on their system by which they can restart the remote system but with the help of windows utility only they are doing this ..so how can they do this...How can i protect it. ...please guide me friends...

    John

  • #2
    Re: Remotly Restart the System

    Dear Friends ,

    Is there any facility in windows that we can restart remote pc ...i have find some softwares but how can be possible it without third party softwares....Please friends help me....I am in big trouble .....

    John

    Comment


    • #3
      Re: Remotly Restart the System

      1. How do they do it? They click "Start"... "Shut Down"... "Shut down the computer" on their remote desktop.

      2. How to stop them? Create a new OU, put all of these users into the OU and create a new GPO. In the GPO, disable shutting down the computer by removing the "Shut Down" option from the Start menu. Link the GPO to the new OU.


      Tom
      For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

      Anything you say will be misquoted and used against you

      Comment


      • #4
        Re: Remotly Restart the System

        Originally posted by jhn_daz View Post
        Hi Friends ,

        We are having win 2000server and Active directory setup in my office. all the users are logged in with their own user name and passwords and all the users are local administrator of their pc ....and i need to give the local administrator rights because with out it my software will not work fine ...so ...and now some of the advance users start miss using their rights ..they are start rebooting the remote system ..They have not installed any additional software on their system by which they can restart the remote system but with the help of windows utility only they are doing this ..so how can they do this...How can i protect it. ...please guide me friends...

        John
        The "remote system" meaning the "win 2000server"? Are they connecting, as Stonelaughter suggests, via "Remote Desktop" or just accessing shares from their client PC?

        They could be running SHUTDOWN.EXE if the option is disabled on the Start menu. In a CMD box on a user PC (or remote desktop session, depending on access method), type "SHUTDOWN /?" for syntax.

        Does a normal user have enough privs on the server to do the following from their PC (or remote desktop session -- you can omit \\yourserver in this case)?:

        SHUTDOWN -r -f -m \\yourserver -t 90
        If so, that's the problem. If it hangs for a bit then returns an error message of some kind, the user does not have enough privs to do it.

        I added the "-t 90" to give you a 90 second timer so you can go to the server and run a

        SHUTDOWN -a
        to cancel it without actually restarting the server.

        Do verify you have no virus on the server and examine everyone's group membership and compare that to groups / users listed in Group or Local Security Settings under:

        "Security Settings\Local Policies\User Rights Assignment\Shut down the system".

        Also look in the System Event Log and examine events just before "eventlog" was stopped. In W2K3, you would find an event from the "USER32", Event ID 1074 telling you the account that initiated the shutdown / restart. Don't have W2K Server running anymore so I can't confirm what you will see.
        Last edited by rvalstar; 10th February 2007, 12:02. Reason: typo
        Cheers,

        Rick

        ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

        2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.

        Comment


        • #5
          Re: Remotly Restart the System

          Hi ,

          Thanks for your reply....actually our users are having w2k professional also they are not using any remote desktops ..and they are rebooting internal machines after some interval....My server is working fine..and also there is no virus in any of the system ...So how the users can do it from their desktop machines....

          John
          Last edited by jhn_daz; 10th February 2007, 13:06.

          Comment


          • #6
            Re: Remotly Restart the System

            Originally posted by jhn_daz View Post
            Hi ,

            Thanks for your relpy....actually our users are having w2k professional..and they are reboorting internal machines after some interval....My server is working fine..and also there is no virus in any of the system ...So how the users can do it from their desktop machines....

            John
            SHUTDOWN.EXE -- did you try what I suggested? Or is there no SHUTDOWN.EXE in W2K Pro? And the Event Log???

            EDIT: Which machine are they rebooting, client or server? SHUTDOWN.EXE can shutdown either if privs allow so substitute the correct \\machine or omit it if local and see if that can be how they do it.
            Last edited by rvalstar; 10th February 2007, 13:09.
            Cheers,

            Rick

            ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

            2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.

            Comment


            • #7
              Re: Remotly Restart the System

              Hi Friends ,

              There is no shutdown.exe in the system ...so how can they restart the systems....They are restarting the internal systems which are of w2k professionals....

              John

              Comment


              • #8
                Re: Remotly Restart the System

                I am sorry, but I still don't understand what machines are your users shutting down. Their own, or the server?
                Anyway, to prevent a user (even Administrator) from shutting down a computer, you have to change the User Rights assignment (take a look at the attached screenshot). Change the default setting and give this permission to at least other two users, or to a group.
                If your users are part of the local Administrators group, then give this right to the Administrator user only.
                I hope this it is what you are looking after.
                BTW, "advanced" users can run RUNDLL32.EXE to do all kind of things...
                Last edited by sorinso; 9th November 2007, 21:28.

                Sorin Solomon


                In order to succeed, your desire for success should be greater than your fear of failure.
                -

                Comment


                • #9
                  Re: Remotly Restart the System

                  Hi Sorinso ,

                  Thanks for your valuable reply ...but the problem is users in my organizations are having a w2k professionals and they are internally reboot the internal systems ....after applying your settings its now in control but some users are still able to reboot the remote users systems ......the thing is how they can do it ....they have not made any changes to local security polices......How its possible...


                  Thanks once again for your greate help ....


                  John

                  Comment


                  • #10
                    Re: Remotly Restart the System

                    So what were the settings before and what did you change them to ????

                    And tell us about these "remote users systems". Are they under your control? Are they on a VPN? More info please. and did you examine and GPO settings on these computers?

                    How are you aware internal users are restarting these remote machines? Event Log or ???

                    BTW, I can download SHUTDOWN.EXE from a number of places and I'm in business as long as I have the privs to do the restart and I can see the remote machine on the network.
                    Cheers,

                    Rick

                    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

                    2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.

                    Comment


                    • #11
                      Re: Remotly Restart the System

                      Hi Rvalstar ,

                      Thanks for your reply.... Actually users are on internal LAN system ....and they are rebooting their internal machine for just doing disturb the internal works and i want to stop them..i have check their machines thoroughly but i cant find any third party software or any virus itself..so i am worried that how can they do it..how is it possible ....So can you please tell me how to do it...

                      John

                      Comment


                      • #12
                        Re: Remotly Restart the System

                        Although both Rick and myself have asked you, you still did not answered. Please answer these two questions:
                        - are users shutting down their own computers, or someone else's?
                        - how do you know that these are the users doing it and not a Windows problem?

                        Sorin Solomon


                        In order to succeed, your desire for success should be greater than your fear of failure.
                        -

                        Comment


                        • #13
                          Re: Remotly Restart the System

                          Hi Sorinso ,

                          They are rebooting the remote systems...which are in local LAN system and they are doing from there own system...They are doing like this...

                          My computer--right click-- manage ---computer management -- connect o the other computer-- then select the computer name -- then open the remote machine's computer management console and then doing something ..and reboot the system..i am not able to see the complete trick but users are doing this trick,,,actually when i moved from one department i saw that one user is trying to do it..and when he saw me that i am watching his activity he suddenly lock his computer and run away...so i am not able to see his complete activity...but i saw the few steps which i describe...so please help me out further.....

                          John
                          Last edited by jhn_daz; 13th February 2007, 13:54.

                          Comment


                          • #14
                            Re: Remotly Restart the System

                            Here is exactly how he does it:

                            Right click my computer, choose manage. Highlight the Computer Management (Local) then click on the Action menu, click Connect to another computer...

                            Type in the name of the other PC & click ok.

                            Right click on Computer Management (Other PC name) and click properties.

                            On the Advanced tab, click the Settings button under Start up and recovery.

                            Click the Shutdown button.

                            Now, all that remains is to work out how to prevent it, but we're halfway there.
                            Best wishes,
                            PaulH.
                            MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008

                            Comment


                            • #15
                              Re: Remotly Restart the System

                              How about looking at this:

                              http://www.microsoft.com/technet/pro....mspx?mfr=true

                              Computer Management

                              User Configuration\Administrative Templates\Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins

                              Description: Permits or prohibits use of this snap-in.
                              Best wishes,
                              PaulH.
                              MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008

                              Comment

                              Working...
                              X