Guest Blake Posted April 3, 2008 Posted April 3, 2008 I have created a domain user and I want to grant it the rights to reboot a server (this is NOT an admin, either local or domain). I am looking for the minimum requirements for both a remote shutdown/reboot as well as a local shutdown/reboot (such as a scheduled task). I am using SHUTDOWN.EXE currently. I have given the domain user both 'Force shutdown from a remote system' as well as 'shut down the system' - but I get errors, most notably: C:\Program Files\Windows Resource Kits\Tools>shutdown -r -m \\test_server The operation completed successfully. A required privilege is not held by the client. During the local attempt, the scheduled task runs but nothing happens. Thanks Blake
Guest Lanwench [MVP - Exchange] Posted April 3, 2008 Posted April 3, 2008 Re: permissions to reboot (both locally and remotely) Blake <blake@blake.com> wrote: > I have created a domain user and I want to grant it the rights to > reboot a server (this is NOT an admin, either local or domain). > > I am looking for the minimum requirements for both a remote > shutdown/reboot as well as a local shutdown/reboot (such as a > scheduled task). > I am using SHUTDOWN.EXE currently. > > I have given the domain user both 'Force shutdown from a remote > system' as well as 'shut down the system' - but I get errors, most > notably: > C:\Program Files\Windows Resource Kits\Tools>shutdown -r -m > \\test_server The operation completed successfully. > A required privilege is not held by the client. > > During the local attempt, the scheduled task runs but nothing happens. > > Thanks > Blake Wow, that's a heck of a crosspost! Not sure if there are easier ways, but one no brainer method might be Encrypted RunAs (shareware) from http://www.wingnutsoftware.com/ and a script/shortcut that runs shutdown.exe with the parameters you wish. Then you can set up the shortcut to use the domain account you wish, without the end user seeing/accessing the password directly.
Guest Anthony [MVP] Posted April 3, 2008 Posted April 3, 2008 Re: permissions to reboot (both locally and remotely) If you look in the Local Security Policy and copy the User Rights Assignment for Backup Operators (except for the specific Backup and Restore rights if you don't want them to be able to do that) that should do it, Anthony, http://www.airdesk.co.uk "Blake" <blake@blake.com> wrote in message news:eGiF1balIHA.5368@TK2MSFTNGP04.phx.gbl... >I have created a domain user and I want to grant it the rights to reboot a >server (this is NOT an admin, either local or domain). > > I am looking for the minimum requirements for both a remote > shutdown/reboot as well as a local shutdown/reboot (such as a scheduled > task). > > I am using SHUTDOWN.EXE currently. > > I have given the domain user both 'Force shutdown from a remote system' as > well as 'shut down the system' - but I get errors, most notably: > > C:\Program Files\Windows Resource Kits\Tools>shutdown -r -m \\test_server > The operation completed successfully. > A required privilege is not held by the client. > > During the local attempt, the scheduled task runs but nothing happens. > > Thanks > Blake > > > > >
Guest Blake Posted April 3, 2008 Posted April 3, 2008 Re: permissions to reboot (both locally and remotely) When the user attempts to run the shutdown command, I get event 578: Win32 Registry/SystemShutdown module blah blah Privileges: seShutdownPrivilege This user DOES have the 'user rights assignment' to shut down the system. (as well as log on locally, as a batch job - most of the Backup Operators rights) Thoughts? "Anthony [MVP]" <anthony@no-reply.com> wrote in message news:uOZZMBblIHA.5660@TK2MSFTNGP02.phx.gbl... > If you look in the Local Security Policy and copy the User Rights > Assignment for Backup Operators (except for the specific Backup and > Restore rights if you don't want them to be able to do that) that should > do it, > Anthony, > http://www.airdesk.co.uk > > > "Blake" <blake@blake.com> wrote in message > news:eGiF1balIHA.5368@TK2MSFTNGP04.phx.gbl... >>I have created a domain user and I want to grant it the rights to reboot a >>server (this is NOT an admin, either local or domain). >> >> I am looking for the minimum requirements for both a remote >> shutdown/reboot as well as a local shutdown/reboot (such as a scheduled >> task). >> >> I am using SHUTDOWN.EXE currently. >> >> I have given the domain user both 'Force shutdown from a remote system' >> as well as 'shut down the system' - but I get errors, most notably: >> >> C:\Program Files\Windows Resource Kits\Tools>shutdown -r -m \\test_server >> The operation completed successfully. >> A required privilege is not held by the client. >> >> During the local attempt, the scheduled task runs but nothing happens. >> >> Thanks >> Blake >> >> >> >> >> > >
Guest Blake Posted April 3, 2008 Posted April 3, 2008 Re: permissions to reboot (both locally and remotely) the problem here lies when that password must be changed - I'm trying to tighten security and create an ID that can reboot the servers and not much else. The rights seem to exist in the security policies.... Blake "Lanwench [MVP - Exchange]" <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in message news:ORP0HwalIHA.464@TK2MSFTNGP02.phx.gbl... > Blake <blake@blake.com> wrote: >> I have created a domain user and I want to grant it the rights to >> reboot a server (this is NOT an admin, either local or domain). >> >> I am looking for the minimum requirements for both a remote >> shutdown/reboot as well as a local shutdown/reboot (such as a >> scheduled task). >> I am using SHUTDOWN.EXE currently. >> >> I have given the domain user both 'Force shutdown from a remote >> system' as well as 'shut down the system' - but I get errors, most >> notably: >> C:\Program Files\Windows Resource Kits\Tools>shutdown -r -m >> \\test_server The operation completed successfully. >> A required privilege is not held by the client. >> >> During the local attempt, the scheduled task runs but nothing happens. >> >> Thanks >> Blake > > Wow, that's a heck of a crosspost! > > Not sure if there are easier ways, but one no brainer method might be > Encrypted RunAs (shareware) from http://www.wingnutsoftware.com/ and a > script/shortcut that runs shutdown.exe with the parameters you wish. Then > you can set up the shortcut to use the domain account you wish, without > the end user seeing/accessing the password directly. >
Guest Blake Posted April 3, 2008 Posted April 3, 2008 Re: permissions to reboot (both locally and remotely) I think it is a group policy issue - will update tomorrow Blake "Blake" <blake@blake.com> wrote in message news:OgSZfOclIHA.5820@TK2MSFTNGP04.phx.gbl... > When the user attempts to run the shutdown command, I get event 578: > > Win32 Registry/SystemShutdown module > blah blah > Privileges: seShutdownPrivilege > > This user DOES have the 'user rights assignment' to shut down the system. > (as well as log on locally, as a batch job - most of the Backup Operators > rights) > > Thoughts? > > > "Anthony [MVP]" <anthony@no-reply.com> wrote in message > news:uOZZMBblIHA.5660@TK2MSFTNGP02.phx.gbl... >> If you look in the Local Security Policy and copy the User Rights >> Assignment for Backup Operators (except for the specific Backup and >> Restore rights if you don't want them to be able to do that) that should >> do it, >> Anthony, >> http://www.airdesk.co.uk >> >> >> "Blake" <blake@blake.com> wrote in message >> news:eGiF1balIHA.5368@TK2MSFTNGP04.phx.gbl... >>>I have created a domain user and I want to grant it the rights to reboot >>>a server (this is NOT an admin, either local or domain). >>> >>> I am looking for the minimum requirements for both a remote >>> shutdown/reboot as well as a local shutdown/reboot (such as a scheduled >>> task). >>> >>> I am using SHUTDOWN.EXE currently. >>> >>> I have given the domain user both 'Force shutdown from a remote system' >>> as well as 'shut down the system' - but I get errors, most notably: >>> >>> C:\Program Files\Windows Resource Kits\Tools>shutdown -r -m >>> \\test_server >>> The operation completed successfully. >>> A required privilege is not held by the client. >>> >>> During the local attempt, the scheduled task runs but nothing happens. >>> >>> Thanks >>> Blake >>> >>> >>> >>> >>> >> >> > >
Guest Blake Posted April 4, 2008 Posted April 4, 2008 Re: permissions to reboot (both locally and remotely) I had a group policy overriding the one I was using to give the user permissions to shut down the system. all the user needs is 'shut down system' and 'log on as a batch job' for the scheduled task to run. Thanks Blake "Blake" <blake@blake.com> wrote in message news:%23QKJyUclIHA.3876@TK2MSFTNGP06.phx.gbl... >I think it is a group policy issue - will update tomorrow > > Blake > "Blake" <blake@blake.com> wrote in message > news:OgSZfOclIHA.5820@TK2MSFTNGP04.phx.gbl... >> When the user attempts to run the shutdown command, I get event 578: >> >> Win32 Registry/SystemShutdown module >> blah blah >> Privileges: seShutdownPrivilege >> >> This user DOES have the 'user rights assignment' to shut down the system. >> (as well as log on locally, as a batch job - most of the Backup Operators >> rights) >> >> Thoughts? >> >> >> "Anthony [MVP]" <anthony@no-reply.com> wrote in message >> news:uOZZMBblIHA.5660@TK2MSFTNGP02.phx.gbl... >>> If you look in the Local Security Policy and copy the User Rights >>> Assignment for Backup Operators (except for the specific Backup and >>> Restore rights if you don't want them to be able to do that) that should >>> do it, >>> Anthony, >>> http://www.airdesk.co.uk >>> >>> >>> "Blake" <blake@blake.com> wrote in message >>> news:eGiF1balIHA.5368@TK2MSFTNGP04.phx.gbl... >>>>I have created a domain user and I want to grant it the rights to reboot >>>>a server (this is NOT an admin, either local or domain). >>>> >>>> I am looking for the minimum requirements for both a remote >>>> shutdown/reboot as well as a local shutdown/reboot (such as a scheduled >>>> task). >>>> >>>> I am using SHUTDOWN.EXE currently. >>>> >>>> I have given the domain user both 'Force shutdown from a remote system' >>>> as well as 'shut down the system' - but I get errors, most notably: >>>> >>>> C:\Program Files\Windows Resource Kits\Tools>shutdown -r -m >>>> \\test_server >>>> The operation completed successfully. >>>> A required privilege is not held by the client. >>>> >>>> During the local attempt, the scheduled task runs but nothing happens. >>>> >>>> Thanks >>>> Blake >>>> >>>> >>>> >>>> >>>> >>> >>> >> >> > >
Recommended Posts