Jump to content

permissions to reboot (both locally and remotely)

Guest Blake

By Guest Blake
in Windows 2003 Server

 Share

Recommended Posts

Guest Blake

Guest Blake

Posted
Posted

I have created a domain user and I want to grant it the rights to reboot a

server (this is NOT an admin, either local or domain).

 

I am looking for the minimum requirements for both a remote shutdown/reboot

as well as a local shutdown/reboot (such as a scheduled task).

 

I am using SHUTDOWN.EXE currently.

 

I have given the domain user both 'Force shutdown from a remote system' as

well as 'shut down the system' - but I get errors, most notably:

 

C:\Program Files\Windows Resource Kits\Tools>shutdown -r -m \\test_server

The operation completed successfully.

A required privilege is not held by the client.

 

During the local attempt, the scheduled task runs but nothing happens.

 

Thanks

Blake

  • Replies 6
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Lanwench [MVP - Exchange]

Guest Lanwench [MVP - Exchange]

Posted
Posted

Re: permissions to reboot (both locally and remotely)

 

Blake <blake@blake.com> wrote:

> I have created a domain user and I want to grant it the rights to

> reboot a server (this is NOT an admin, either local or domain).

>

> I am looking for the minimum requirements for both a remote

> shutdown/reboot as well as a local shutdown/reboot (such as a

> scheduled task).

> I am using SHUTDOWN.EXE currently.

>

> I have given the domain user both 'Force shutdown from a remote

> system' as well as 'shut down the system' - but I get errors, most

> notably:

> C:\Program Files\Windows Resource Kits\Tools>shutdown -r -m

> \\test_server The operation completed successfully.

> A required privilege is not held by the client.

>

> During the local attempt, the scheduled task runs but nothing happens.

>

> Thanks

> Blake

 

Wow, that's a heck of a crosspost!

 

Not sure if there are easier ways, but one no brainer method might be

Encrypted RunAs (shareware) from http://www.wingnutsoftware.com/ and a

script/shortcut that runs shutdown.exe with the parameters you wish. Then

you can set up the shortcut to use the domain account you wish, without the

end user seeing/accessing the password directly.

Guest Anthony [MVP]

Guest Anthony [MVP]

Posted
Posted

Re: permissions to reboot (both locally and remotely)

 

If you look in the Local Security Policy and copy the User Rights Assignment

for Backup Operators (except for the specific Backup and Restore rights if

you don't want them to be able to do that) that should do it,

Anthony,

http://www.airdesk.co.uk

 

 

"Blake" <blake@blake.com> wrote in message

news:eGiF1balIHA.5368@TK2MSFTNGP04.phx.gbl...

>I have created a domain user and I want to grant it the rights to reboot a

>server (this is NOT an admin, either local or domain).

>

> I am looking for the minimum requirements for both a remote

> shutdown/reboot as well as a local shutdown/reboot (such as a scheduled

> task).

>

> I am using SHUTDOWN.EXE currently.

>

> I have given the domain user both 'Force shutdown from a remote system' as

> well as 'shut down the system' - but I get errors, most notably:

>

> C:\Program Files\Windows Resource Kits\Tools>shutdown -r -m \\test_server

> The operation completed successfully.

> A required privilege is not held by the client.

>

> During the local attempt, the scheduled task runs but nothing happens.

>

> Thanks

> Blake

>

>

>

>

>

Guest Blake

Guest Blake

Posted
Posted

Re: permissions to reboot (both locally and remotely)

 

When the user attempts to run the shutdown command, I get event 578:

 

Win32 Registry/SystemShutdown module

blah blah

Privileges: seShutdownPrivilege

 

This user DOES have the 'user rights assignment' to shut down the system.

(as well as log on locally, as a batch job - most of the Backup Operators

rights)

 

Thoughts?

 

 

"Anthony [MVP]" <anthony@no-reply.com> wrote in message

news:uOZZMBblIHA.5660@TK2MSFTNGP02.phx.gbl...

> If you look in the Local Security Policy and copy the User Rights

> Assignment for Backup Operators (except for the specific Backup and

> Restore rights if you don't want them to be able to do that) that should

> do it,

> Anthony,

> http://www.airdesk.co.uk

>

>

> "Blake" <blake@blake.com> wrote in message

> news:eGiF1balIHA.5368@TK2MSFTNGP04.phx.gbl...

>>I have created a domain user and I want to grant it the rights to reboot a

>>server (this is NOT an admin, either local or domain).

>>

>> I am looking for the minimum requirements for both a remote

>> shutdown/reboot as well as a local shutdown/reboot (such as a scheduled

>> task).

>>

>> I am using SHUTDOWN.EXE currently.

>>

>> I have given the domain user both 'Force shutdown from a remote system'

>> as well as 'shut down the system' - but I get errors, most notably:

>>

>> C:\Program Files\Windows Resource Kits\Tools>shutdown -r -m \\test_server

>> The operation completed successfully.

>> A required privilege is not held by the client.

>>

>> During the local attempt, the scheduled task runs but nothing happens.

>>

>> Thanks

>> Blake

>>

>>

>>

>>

>>

>

>

Guest Blake

Guest Blake

Posted
Posted

Re: permissions to reboot (both locally and remotely)

 

the problem here lies when that password must be changed - I'm trying to

tighten security and create an ID that can reboot the servers and not much

else. The rights seem to exist in the security policies....

 

Blake

 

"Lanwench [MVP - Exchange]"

<lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in message

news:ORP0HwalIHA.464@TK2MSFTNGP02.phx.gbl...

> Blake <blake@blake.com> wrote:

>> I have created a domain user and I want to grant it the rights to

>> reboot a server (this is NOT an admin, either local or domain).

>>

>> I am looking for the minimum requirements for both a remote

>> shutdown/reboot as well as a local shutdown/reboot (such as a

>> scheduled task).

>> I am using SHUTDOWN.EXE currently.

>>

>> I have given the domain user both 'Force shutdown from a remote

>> system' as well as 'shut down the system' - but I get errors, most

>> notably:

>> C:\Program Files\Windows Resource Kits\Tools>shutdown -r -m

>> \\test_server The operation completed successfully.

>> A required privilege is not held by the client.

>>

>> During the local attempt, the scheduled task runs but nothing happens.

>>

>> Thanks

>> Blake

>

> Wow, that's a heck of a crosspost!

>

> Not sure if there are easier ways, but one no brainer method might be

> Encrypted RunAs (shareware) from http://www.wingnutsoftware.com/ and a

> script/shortcut that runs shutdown.exe with the parameters you wish. Then

> you can set up the shortcut to use the domain account you wish, without

> the end user seeing/accessing the password directly.

>

Guest Blake

Guest Blake

Posted
Posted

Re: permissions to reboot (both locally and remotely)

 

I think it is a group policy issue - will update tomorrow

 

Blake

"Blake" <blake@blake.com> wrote in message

news:OgSZfOclIHA.5820@TK2MSFTNGP04.phx.gbl...

> When the user attempts to run the shutdown command, I get event 578:

>

> Win32 Registry/SystemShutdown module

> blah blah

> Privileges: seShutdownPrivilege

>

> This user DOES have the 'user rights assignment' to shut down the system.

> (as well as log on locally, as a batch job - most of the Backup Operators

> rights)

>

> Thoughts?

>

>

> "Anthony [MVP]" <anthony@no-reply.com> wrote in message

> news:uOZZMBblIHA.5660@TK2MSFTNGP02.phx.gbl...

>> If you look in the Local Security Policy and copy the User Rights

>> Assignment for Backup Operators (except for the specific Backup and

>> Restore rights if you don't want them to be able to do that) that should

>> do it,

>> Anthony,

>> http://www.airdesk.co.uk

>>

>>

>> "Blake" <blake@blake.com> wrote in message

>> news:eGiF1balIHA.5368@TK2MSFTNGP04.phx.gbl...

>>>I have created a domain user and I want to grant it the rights to reboot

>>>a server (this is NOT an admin, either local or domain).

>>>

>>> I am looking for the minimum requirements for both a remote

>>> shutdown/reboot as well as a local shutdown/reboot (such as a scheduled

>>> task).

>>>

>>> I am using SHUTDOWN.EXE currently.

>>>

>>> I have given the domain user both 'Force shutdown from a remote system'

>>> as well as 'shut down the system' - but I get errors, most notably:

>>>

>>> C:\Program Files\Windows Resource Kits\Tools>shutdown -r -m

>>> \\test_server

>>> The operation completed successfully.

>>> A required privilege is not held by the client.

>>>

>>> During the local attempt, the scheduled task runs but nothing happens.

>>>

>>> Thanks

>>> Blake

>>>

>>>

>>>

>>>

>>>

>>

>>

>

>

Guest Blake

Guest Blake

Posted
Posted

Re: permissions to reboot (both locally and remotely)

 

I had a group policy overriding the one I was using to give the user

permissions to shut down the system.

 

all the user needs is 'shut down system' and 'log on as a batch job' for the

scheduled task to run.

 

Thanks

Blake

 

"Blake" <blake@blake.com> wrote in message

news:%23QKJyUclIHA.3876@TK2MSFTNGP06.phx.gbl...

>I think it is a group policy issue - will update tomorrow

>

> Blake

> "Blake" <blake@blake.com> wrote in message

> news:OgSZfOclIHA.5820@TK2MSFTNGP04.phx.gbl...

>> When the user attempts to run the shutdown command, I get event 578:

>>

>> Win32 Registry/SystemShutdown module

>> blah blah

>> Privileges: seShutdownPrivilege

>>

>> This user DOES have the 'user rights assignment' to shut down the system.

>> (as well as log on locally, as a batch job - most of the Backup Operators

>> rights)

>>

>> Thoughts?

>>

>>

>> "Anthony [MVP]" <anthony@no-reply.com> wrote in message

>> news:uOZZMBblIHA.5660@TK2MSFTNGP02.phx.gbl...

>>> If you look in the Local Security Policy and copy the User Rights

>>> Assignment for Backup Operators (except for the specific Backup and

>>> Restore rights if you don't want them to be able to do that) that should

>>> do it,

>>> Anthony,

>>> http://www.airdesk.co.uk

>>>

>>>

>>> "Blake" <blake@blake.com> wrote in message

>>> news:eGiF1balIHA.5368@TK2MSFTNGP04.phx.gbl...

>>>>I have created a domain user and I want to grant it the rights to reboot

>>>>a server (this is NOT an admin, either local or domain).

>>>>

>>>> I am looking for the minimum requirements for both a remote

>>>> shutdown/reboot as well as a local shutdown/reboot (such as a scheduled

>>>> task).

>>>>

>>>> I am using SHUTDOWN.EXE currently.

>>>>

>>>> I have given the domain user both 'Force shutdown from a remote system'

>>>> as well as 'shut down the system' - but I get errors, most notably:

>>>>

>>>> C:\Program Files\Windows Resource Kits\Tools>shutdown -r -m

>>>> \\test_server

>>>> The operation completed successfully.

>>>> A required privilege is not held by the client.

>>>>

>>>> During the local attempt, the scheduled task runs but nothing happens.

>>>>

>>>> Thanks

>>>> Blake

>>>>

>>>>

>>>>

>>>>

>>>>

>>>

>>>

>>

>>

>

>

 Share
Go to topic listing
×
×
  • Create New...