none
Allow user to shutdown server

    Question

  • Hi,

    How do I allow a regular user to shutdown a domain controller server? I do not want the user to be part of the administrators group. I just want the user to have permission to shutdown the server without having access to restricted file shares.

    Thanks

    Tuesday, August 13, 2013 1:51 AM

Answers

  • It's a small setup with just one server. From time to time, the server needs to be restarted because the backup hangs.

    While we work out the backup issue, I need to give the user access to restart the server.

    Okay.

    You need to do few changes in Group Policy

    First, Permit users to log on locally to a domain controller

    Then, Edit DDCP (Default Domain Controller Policy) and update following policy setting

    Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Shut down the system

    Add desired user


    Regards, Santosh

    I do not represent the organisation I work for, all the opinions expressed here, are my own and posted AS IS.

    Tuesday, August 13, 2013 5:52 AM
    Moderator

All replies

  • It's not a good practice to allow normal users to operate Domain Controllers ! Technically it's possible to allow users to shutdown domain controllers however, why would you want to give them such an access ?

    Regards, Santosh

    I do not represent the organisation I work for, all the opinions expressed here, are my own and posted AS IS.

    Tuesday, August 13, 2013 5:28 AM
    Moderator
  • It's a small setup with just one server. From time to time, the server needs to be restarted because the backup hangs.

    While we work out the backup issue, I need to give the user access to restart the server.

    Thanks

    Tuesday, August 13, 2013 5:43 AM
  • It's a small setup with just one server. From time to time, the server needs to be restarted because the backup hangs.

    While we work out the backup issue, I need to give the user access to restart the server.

    Okay.

    You need to do few changes in Group Policy

    First, Permit users to log on locally to a domain controller

    Then, Edit DDCP (Default Domain Controller Policy) and update following policy setting

    Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Shut down the system

    Add desired user


    Regards, Santosh

    I do not represent the organisation I work for, all the opinions expressed here, are my own and posted AS IS.

    Tuesday, August 13, 2013 5:52 AM
    Moderator
  • Hello,

    with the configured permissions create a script similar to:

    shutdown /r /m \\DCName \t 30 /c "Restart because of backup problem"

    BUT you should figure out the reason WHY the machine hangs during the backup. Contact the vendor from the software about this.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Tuesday, August 13, 2013 7:16 AM
  • I have marked Santosh's reply as an answer for now. I will have this tested later.

    Thank you!

    Thursday, August 15, 2013 9:54 PM