Guest hemp Posted February 8, 2008 Posted February 8, 2008 I need to have someone other than a network admin be able to log in (locally) and reboot the server(s). I'd rather create a new account so it can be shared with a few trusted employees, but I don't want them to be able to much more than rebooting. I know I can set the "log on to" to only allow the account to log on to the servers, but what are the minimum rights that the account would need to be able to log in and reboot. Or does anyone have any other recommendations? I would need this account to be able to log in to a few different servers too. Servers are Windows 2003 AD Thanks Hemp
Guest Unai Castro Posted February 10, 2008 Posted February 10, 2008 RE: Account with permissions to reboot server You can allow users reboot serves with "Shut down the system" right using a GPO. You can configure this security setting by opening the appropriate policy and expanding the console tree as such: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\. You can group these servers in organizational unit and apply the policy. http://technet2.microsoft.com/windowsserver/en/library/984ae927-5eb0-4f98-a53c-98fa8bd6daa11033.mspx?mfr=true Regards, "hemp" wrote: > I need to have someone other than a network admin be able to log in (locally) > and reboot the server(s). I'd rather create a new account so it can be > shared with a few trusted employees, but I don't want them to be able to much > more than rebooting. I know I can set the "log on to" to only allow the > account to log on to the servers, but what are the minimum rights that the > account would need to be able to log in and reboot. Or does anyone have any > other recommendations? > I would need this account to be able to log in to a few different servers too. > Servers are Windows 2003 AD > Thanks > > Hemp
Guest hemp Posted February 10, 2008 Posted February 10, 2008 RE: Account with permissions to reboot server Sounds good. Thanks "Unai Castro" wrote: > You can allow users reboot serves with "Shut down the system" right using a > GPO. You can configure this security setting by opening the appropriate > policy and expanding the console tree as such: Computer Configuration\Windows > Settings\Security Settings\Local Policies\User Rights Assignment\. You can > group these servers in organizational unit and apply the policy. > > http://technet2.microsoft.com/windowsserver/en/library/984ae927-5eb0-4f98-a53c-98fa8bd6daa11033.mspx?mfr=true > > Regards, > > > "hemp" wrote: > > > I need to have someone other than a network admin be able to log in (locally) > > and reboot the server(s). I'd rather create a new account so it can be > > shared with a few trusted employees, but I don't want them to be able to much > > more than rebooting. I know I can set the "log on to" to only allow the > > account to log on to the servers, but what are the minimum rights that the > > account would need to be able to log in and reboot. Or does anyone have any > > other recommendations? > > I would need this account to be able to log in to a few different servers too. > > Servers are Windows 2003 AD > > Thanks > > > > Hemp
Guest Ryan Posted February 11, 2008 Posted February 11, 2008 Re: Account with permissions to reboot server On Feb 8, 9:32 am, hemp <h...@discussions.microsoft.com> wrote: > I need to have someone other than a network admin be able to log in (locally) > and reboot the server(s). I'd rather create a new account so it can be > shared with a few trusted employees, but I don't want them to be able to much > more than rebooting. I know I can set the "log on to" to only allow the > account to log on to the servers, but what are the minimum rights that the > account would need to be able to log in and reboot. Or does anyone have any > other recommendations? > I would need this account to be able to log in to a few different servers too. > Servers are Windows 2003 AD > Thanks > > Hemp I don't remember for sure if this works on servers, but I believe you can change the "allow shutdown without logon" property via a GPO. This is the setting that enables/disables the shutdown button on the logon screen. This would allow anyone with physical access to the server to shut it down without having to log in. Just a thought. -ryan
Recommended Posts