In some environments, it is necessary to prevent not only Windows from shutting down the computer but users as well. For instance, kiosk computers in public places and workgroup computers where some workstations provide network storage or network printers should not be shut down by end users. The same applies to servers where not all admins are allowed to initiate restarts.

Latest posts by Michael Pietroforte (see all)

Disallow shutdowns without logon

By default, Windows desktops can be shut down by anyone without the need to log on by pressing CTRL+ALT+DEL and then clicking the red power button in the lower right corner (Vista and Windows 7). While this feature can be useful in some situations, it might cause problems in public places such as student computer rooms or kiosk computers. Note that for obvious reasons this is not possible with Windows server versions.

Shutdown without logon

To ensure that nobody can shut down a Windows desktop computer without logging on, you can use this Group Policy setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\ Shutdown: Allow system to be shut down without having to log on.

Remove access to the Shut Down command in the Start Menu

If you want to prevent users who are able to log on to a computer from accessing the Shut Down command in the Start Menu, you can use this Group Policy setting: User Configuration\Administrative Templates\Start Menu and Taskbar\ Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands.

Note that this setting won't stop users from restarting using third-party tools or the Windows shutdown command line tool. Thus, you can't stop computer-savvy users that way. But perhaps this is just what you want; to allow only those users who know what they are doing to shut down and restart their computers.

Remove the shutdown right

If you really want to control who can shut down Windows desktops or servers, then you need another Group Policy setting.

Group Policy - shut down right

To remove the shutdown privilege, configure this setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Shut down the system. This option allows you to assign the shutdown right to certain user groups. It is the most secure one because it can't be circumvented with third-party tools. Hence, it is also a way to prevent overly keen newbie admins from rebooting every time a Windows server acts a little stubborn.

  1. Avatar
    techyoda 13 years ago

    too bad they dont have option to just remove shutdown option, but leave reboot option.

    we dont want users to shutdown desktop pcs because we patch after hours but we need them to sometimes reboot for troubleshooting purposes

  2. Avatar

    Why not patch during office hours without automatic restarts? Telling users not to shut down is not really green IT increases the power costs of your company. For troubleshooting purposes you can use Wake-on-LAN.

  3. Avatar
    Jonathon 13 years ago

    Very helpful! Thanks!

  4. Avatar
    me 13 years ago

    IT + “green” = NO

  5. Avatar
    Allie 6 years ago

    i was hoping for a command line like for use in a batch file. im creating a prank for my sis

Leave a reply

Your email address will not be published. Required fields are marked *


© 4sysops 2006 - 2023


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account