Skip to main content
Super User

Return to Answer

formatting
Source Link
bertieb
bertieb
  • 7.5k
  • 36
  • 43
  • 54

This is an easier solution:

If you want to allow only local users to run %windir%\system32\shutdown.exe -s -t 0, grant the "SeRemoteShutdownPrivilege"SeRemoteShutdownPrivilege to the group "INTERACTIVE"INTERACTIVE. Only local users are members of this group.

How to do it: Run secpol.mscsecpol.msc. Open Security Settings \ Local Policies \ User Rights AssignmentSecurity Settings \ Local Policies \ User Rights Assignment. Double-click "Force shutdown from a remote system"Force shutdown from a remote system in the right pane. Click "Add User or Group"Add User or Group. Enter the name INTERACTIVEINTERACTIVE in the text box and click "Check names"Check names, then click OKOK, and OKOK again.

Source: http://blogs.msdn.com/aaron_margosis/archive/2006/01/27/518214.aspx

This is an easier solution:

If you want to allow only local users to run %windir%\system32\shutdown.exe -s -t 0, grant the "SeRemoteShutdownPrivilege" to the group "INTERACTIVE". Only local users are members of this group.

How to do it: Run secpol.msc. Open Security Settings \ Local Policies \ User Rights Assignment. Double-click "Force shutdown from a remote system" in the right pane. Click "Add User or Group". Enter the name INTERACTIVE in the text box and click "Check names", then click OK, and OK again.

Source: http://blogs.msdn.com/aaron_margosis/archive/2006/01/27/518214.aspx

This is an easier solution:

If you want to allow only local users to run %windir%\system32\shutdown.exe -s -t 0, grant the SeRemoteShutdownPrivilege to the group INTERACTIVE. Only local users are members of this group.

How to do it: Run secpol.msc. Open Security Settings \ Local Policies \ User Rights Assignment. Double-click Force shutdown from a remote system in the right pane. Click Add User or Group. Enter the name INTERACTIVE in the text box and click Check names, then click OK, and OK again.

Source: http://blogs.msdn.com/aaron_margosis/archive/2006/01/27/518214.aspx

Source Link
Klaus Hartnegg
Klaus Hartnegg
  • 201
  • 1
  • 5

This is an easier solution:

If you want to allow only local users to run %windir%\system32\shutdown.exe -s -t 0, grant the "SeRemoteShutdownPrivilege" to the group "INTERACTIVE". Only local users are members of this group.

How to do it: Run secpol.msc. Open Security Settings \ Local Policies \ User Rights Assignment. Double-click "Force shutdown from a remote system" in the right pane. Click "Add User or Group". Enter the name INTERACTIVE in the text box and click "Check names", then click OK, and OK again.

Source: http://blogs.msdn.com/aaron_margosis/archive/2006/01/27/518214.aspx