RE: Why shutdown become logoff in 2008 with user of Users group?
- From: jetan@xxxxxxxxxxxxxxxxxxxx ("Jeffrey Tan[MSFT]")
- Date: Thu, 18 Sep 2008 06:39:27 GMT
Hi Jojo,
Based on my understanding, your code of calling ExitWindowsEx(EWX_FORCE |
EWX_POWEROFF, 0) does not work(system performs logoff instead of shutdown)
on the Windows Server2008 machine with the security token in Users group.
If I have misunderstood you, please feel free to tell me.
My first suspicion is that the Users group security token may do not have
SE_SHUTDOWN_NAME security priviledge by default on Windows2008. To check
this, I go to secpol.msc->Local Policies->User Rights Assignment->"Shut
down the system" option. Only Adminstrators and "Backup Operators" groups
are assigned this priviledge by default on Windows2008. Since the Users
group does not have this priviledge, your code will not function correct
with Windows2008 Users group security token.
Almost all client version of Windows assign SE_SHUTDOWN_NAME privilege to
Users group by default, while server version of Windows don't. For example,
my Vista machine gives SE_SHUTDOWN_NAME to Users group, while my
Windows2003 machine do not. This is a designed choice because it is not
safe to allow a normal user to shutdown a server machine. For Windows
Server, multiple users can logon and use the same system, so the shutdown
operation will affect all the users on the system.
Actually, if you only want to shutdown the system, you can initiate the
shutdown in the Windows Service using Local System token instead of using
the interactive Users group token. This should resolve your problem.
Finally, since this is not a Win32 GDI programming questions, I recommend
you post in microsoft.public.platformsdk.security newsgroup in future.
Thanks.
Best regards,
Jeffrey Tan
Microsoft Online Community Support
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg@xxxxxxxxxxxxxx
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
.
- Follow-Ups:
- Re: Why shutdown become logoff in 2008 with user of Users group?
- From: JojoWu
- Re: Why shutdown become logoff in 2008 with user of Users group?
- From: Leslie Milburn
- Re: Why shutdown become logoff in 2008 with user of Users group?
- References:
- Prev by Date: How to bypass dialog box and window and create bitmap frames for animations of scrolling an listbox
- Next by Date: Re: Why shutdown become logoff in 2008 with user of Users group?
- Previous by thread: Why shutdown become logoff in 2008 with user of Users group?
- Next by thread: Re: Why shutdown become logoff in 2008 with user of Users group?
- Index(es):
Relevant Pages
|
