Jump to content

Account with permissions to reboot server

Guest hemp

By Guest hemp
in Windows 2003 Server

 Share

Recommended Posts

Guest hemp

Guest hemp

Posted
Posted

I need to have someone other than a network admin be able to log in (locally)

and reboot the server(s). I'd rather create a new account so it can be

shared with a few trusted employees, but I don't want them to be able to much

more than rebooting. I know I can set the "log on to" to only allow the

account to log on to the servers, but what are the minimum rights that the

account would need to be able to log in and reboot. Or does anyone have any

other recommendations?

I would need this account to be able to log in to a few different servers too.

Servers are Windows 2003 AD

Thanks

 

Hemp

  • Replies 3
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Unai Castro

Guest Unai Castro

Posted
Posted

RE: Account with permissions to reboot server

 

You can allow users reboot serves with "Shut down the system" right using a

GPO. You can configure this security setting by opening the appropriate

policy and expanding the console tree as such: Computer Configuration\Windows

Settings\Security Settings\Local Policies\User Rights Assignment\. You can

group these servers in organizational unit and apply the policy.

 

http://technet2.microsoft.com/windowsserver/en/library/984ae927-5eb0-4f98-a53c-98fa8bd6daa11033.mspx?mfr=true

 

Regards,

 

 

"hemp" wrote:

> I need to have someone other than a network admin be able to log in (locally)

> and reboot the server(s). I'd rather create a new account so it can be

> shared with a few trusted employees, but I don't want them to be able to much

> more than rebooting. I know I can set the "log on to" to only allow the

> account to log on to the servers, but what are the minimum rights that the

> account would need to be able to log in and reboot. Or does anyone have any

> other recommendations?

> I would need this account to be able to log in to a few different servers too.

> Servers are Windows 2003 AD

> Thanks

>

> Hemp

Guest hemp

Guest hemp

Posted
Posted

RE: Account with permissions to reboot server

 

Sounds good. Thanks

 

"Unai Castro" wrote:

> You can allow users reboot serves with "Shut down the system" right using a

> GPO. You can configure this security setting by opening the appropriate

> policy and expanding the console tree as such: Computer Configuration\Windows

> Settings\Security Settings\Local Policies\User Rights Assignment\. You can

> group these servers in organizational unit and apply the policy.

>

> http://technet2.microsoft.com/windowsserver/en/library/984ae927-5eb0-4f98-a53c-98fa8bd6daa11033.mspx?mfr=true

>

> Regards,

>

>

> "hemp" wrote:

>

> > I need to have someone other than a network admin be able to log in (locally)

> > and reboot the server(s). I'd rather create a new account so it can be

> > shared with a few trusted employees, but I don't want them to be able to much

> > more than rebooting. I know I can set the "log on to" to only allow the

> > account to log on to the servers, but what are the minimum rights that the

> > account would need to be able to log in and reboot. Or does anyone have any

> > other recommendations?

> > I would need this account to be able to log in to a few different servers too.

> > Servers are Windows 2003 AD

> > Thanks

> >

> > Hemp

Guest Ryan

Guest Ryan

Posted
Posted

Re: Account with permissions to reboot server

 

On Feb 8, 9:32 am, hemp <h...@discussions.microsoft.com> wrote:

> I need to have someone other than a network admin be able to log in (locally)

> and reboot the server(s).  I'd rather create a new account so it can be

> shared with a few trusted employees, but I don't want them to be able to much

> more than rebooting.  I know I can set the "log on to" to only allow the

> account to log on to the servers, but what are the minimum rights that the

> account would need to be able to log in and reboot.  Or does anyone have any

> other recommendations?

> I would need this account to be able to log in to a few different servers too.

> Servers are Windows 2003 AD

> Thanks

>

> Hemp

 

I don't remember for sure if this works on servers, but I believe you

can change the "allow shutdown without logon" property via a GPO.

This is the setting that enables/disables the shutdown button on the

logon screen. This would allow anyone with physical access to the

server to shut it down without having to log in.

 

Just a thought.

 

-ryan

 Share
Go to topic listing
×
×
  • Create New...