Domain Controller restart by non-Domain-Admin user

[Radim]

Hello,

We have created a special account in AD called ADM1, which is a member of the Server Operator group. Also a member of Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment -> Force shutdown from a remote system & Shut down the system.
When I log in via RDP to the DC (Windows 2019) I am unable to restart the DC. I do not have permissions.
Command output : whoami /all
SeRemoteShutdownPrivilege Force shutdown from a remote system – Disabled 🙁

But when I type from any domain computer from elevated command prompt : shutdown -r -m \\DC2019.domain , the domain controller restart !!!

What else do I need to set to restart DC even after logging in via RDP ?
How to add to ADM1 SeRemoteShutdownPrivilege ?

Thanks for the ideas.

[Michael Pietroforte]

Does the shutdown option appear in the GUI? Perhaps you have the Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands Group policy enabled.

Can you shutdown the server from an elevated command prompt on the server with the shutdown command?

[Radim]

I have been trying different settings all week, testing and nothing – I have not been able to restart DC from Remote Desktop.
And now all of a sudden, I barely finished a post in this forum it works 🙂 Solved.

Thank you for your response.

[Michael Pietroforte]

Well, I guess that means that posting on 4sysops helps solve problems. 😉

[Author]

Posts