In some environments, it is necessary to prevent not only Windows from shutting down the computer but users as well. For instance, kiosk computers in public places and workgroup computers where some workstations provide network storage or network printers should not be shut down by end users. The same applies to servers where not all admins are allowed to initiate restarts.
- Poll: How reliable are ChatGPT and Bing Chat? - Tue, May 23 2023
- Pip install Boto3 - Thu, Mar 24 2022
- Install Boto3 (AWS SDK for Python) in Visual Studio Code (VS Code) on Windows - Wed, Feb 23 2022
Disallow shutdowns without logon
By default, Windows desktops can be shut down by anyone without the need to log on by pressing CTRL+ALT+DEL and then clicking the red power button in the lower right corner (Vista and Windows 7). While this feature can be useful in some situations, it might cause problems in public places such as student computer rooms or kiosk computers. Note that for obvious reasons this is not possible with Windows server versions.
To ensure that nobody can shut down a Windows desktop computer without logging on, you can use this Group Policy setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\ Shutdown: Allow system to be shut down without having to log on.
Remove access to the Shut Down command in the Start Menu
If you want to prevent users who are able to log on to a computer from accessing the Shut Down command in the Start Menu, you can use this Group Policy setting: User Configuration\Administrative Templates\Start Menu and Taskbar\ Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands.
Note that this setting won't stop users from restarting using third-party tools or the Windows shutdown command line tool. Thus, you can't stop computer-savvy users that way. But perhaps this is just what you want; to allow only those users who know what they are doing to shut down and restart their computers.
Remove the shutdown right
If you really want to control who can shut down Windows desktops or servers, then you need another Group Policy setting.
To remove the shutdown privilege, configure this setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Shut down the system. This option allows you to assign the shutdown right to certain user groups. It is the most secure one because it can't be circumvented with third-party tools. Hence, it is also a way to prevent overly keen newbie admins from rebooting every time a Windows server acts a little stubborn.
Read the latest IT news and community updates!
Join our IT community and read articles without ads!
Do you want to write for 4sysops? We are looking for new authors.
too bad they dont have option to just remove shutdown option, but leave reboot option.
we dont want users to shutdown desktop pcs because we patch after hours but we need them to sometimes reboot for troubleshooting purposes
Why not patch during office hours without automatic restarts? Telling users not to shut down is not really green IT increases the power costs of your company. For troubleshooting purposes you can use Wake-on-LAN.
Very helpful! Thanks!
Michael
IT + “green” = NO
i was hoping for a command line like for use in a batch file. im creating a prank for my sis