OK what you want is this for your NT4 boxes:
User Manger
file>select domain, point it at the member server. (no \\ for the name).
once open
POLICIES>USER RIGHTS>drop down to SHUTDOWN SYSTEM.
Organise the privligies from there.
Also if you have a look in
HKLM>software>microsoft>windowsNT>currentver>winlogon>
make sure shutdownwithoutlogon is set to 0
.
RTFM :P (how cheeky is that!!!!!!)
regards
anthony.
NB. one thing, this is shutdown, i *can't remember* if this also stops them
'restarting' the machine. but i believe it does.
let me know.
oh and i haven't played with 2k server, but i'm assuming you can set a group
or local policy for that > ie control panel>admin tools> policy secruity or
soemthing. have fun :)
-----Original Message-----
From: Gavin Landon [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: 07 September 2001 16:35
To: NT System Admin Issues
Subject: RE: Shutting down servers
Are they DELL machines? I know Dell has a problem with Terminal Services
and Reboot's. We have to use the Resource Kit tool to reboot, because the
machine will shutdown instead if we try it the standard way.
-----Original Message-----
From: Andrew Whitton [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 07, 2001 10:09 AM
To: NT System Admin Issues
Subject: Shutting down servers
We have a couple of member servers (some NT4, some W2K) that various
people need to sign onto. Because they are in a secure location they use
Terminal Services to access these.
We have had a situation where someone selected START | SHUTDOWN and then
RESTART rather than LOGOFF !!! As this was a live server we obviously want
to prevent this happening again.
We have found 2 registry settings within HKCU, 1 to remove the option to
shutdown and also 1 to add the "log off user xxx" option in START.
These are within HKCU/Software/Microsoft/Windows/CurrentVersion/Policies
We were going to apply these using a *.reg file in a logon script.
HOWEVER, most of the users that sign onto these servers arent members of
Administrators. The permissions on these keys are therefore set to READ
for these users in this case. RESULT : they cant write the required values
(we appreciate it makes sense not to allow users to change these policy
related reg settings)
Has anyone any inspired thoughts or addressed the issue of restricting
shutdown to servers in another way ?
Regards,
Andrew Whitton.
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
