Re: Setting a shut down 'safety catch' for servers

From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 12/14/04 

Date: Mon, 13 Dec 2004 21:18:08 -0800

Take away the "Shutdown the System" privilege from all users/groups. The
only option is for users to disconnect/logoff.

Then, create one special user whose account credentials are known to your
admins. Create a link using RUNAS with that credential to execute shutdown
(shutdown -s -t 0 -f) and put the link in "all users" Desktop profile (or
wherever you want).

You now have this shortcut on the desktop that asks for a password which has
to be correct before the system shuts down. Everyone normally logoff by
default.

This comes pretty close to your desire for an admin to "re-enter [their]
password to be able to shutdown the server". 

-- 
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"desil" <desil@discussions.microsoft.com> wrote in message
news:7E9E76D7-B796-4C90-8371-3FCCCA372119@microsoft.com...
BTW, I do know about the old trick of pressing "Ctrl-Alt-Del" to abort a
Shut
Down that has just started, but there's three problems with this:
   1) There's a very limited time to do it, so one must be able to remember
it very quickly.
   2) Servers these days are often administered through terminal sessions,
so it's practically impossible to send the equivalent of a "Ctrl-Alt-Del"
signal to the server in time (it usually involves right-clicking or
selecting
from window menus in the client).
   3) The operator has to know about the trick in the first place.
"desil" wrote:
> Hi,
>
> One thing that has always worried me is how easy it is to accidentally
> select "Shut Down" or "Restart" on Windows servers when meaning to just
> select "Log Off".
>
> I've implemented a Group Policy that adds the "Log Off xxx" option to the
> Start Menu, but it's still relatively easy to shut down a server by
accident.
> Other than installing third-party utilities, are there any built-in
methods
> in Windows 2000 Server to add an extra level of confirmation for a system
> shut down? Ideally, the (admin) user would have to re-enter their password
to
> confirm.
>
> What options are there in Windows Server 2003?
>
> Thanks,
> desil.

Relevant Pages

  • Re: Setting a shut down safety catch for servers
    ... Take away the "Shutdown the System" privilege from all users/groups. ... create one special user whose account credentials are known to your ... password to be able to shutdown the server". ... > select "Shut Down" or "Restart" on Windows servers when meaning to just ...
    (microsoft.public.windows.server.general)
  • Re: NT to XP
    ... Windows servers need to be shutdown regularly in order to update Microsft ... I've had a win2k server ... > for over 150 days without rebooting or shutting down. ...
    (microsoft.public.windowsxp.general)
  • RE: Logon Screen Object Does Not Appear On Servers Local Monitor
    ... The best way is to directly use the keyboard and the mouse to test ... I understand you will contact Rariton to get the new hardware, ... Technically speaking, Exchange 2003 service should be shutdown first, then ... Exchange Server 2003 Computer Takes Longer Than You Expect to Shut Down ...
    (microsoft.public.windows.server.general)
  • Re: Post SP1 shutdown slow
    ... Make no mistake about that it's a key function that has been broken by the security changes in SP1. ... What you're not getting here is that this post-SBS/SP1 slower shutdown has nothing to do with the fix in the article you cite. ... Mty pre-SBS/SP1 systems that shutdown more quickly have the exact same registry value as systems that shut down more slowly post SBS/SP1. ... Services may stop abruptly when you shut down or restart a Windows Small Business Server 2003-based computer: ...
    (microsoft.public.windows.server.sbs)
  • Re: Frequent panics on Dell Latitude D610 running 6.1-STABLE GENERIC
    ... X connection to:0.0 broken (explicit kill or server shutdown). ...
    (freebsd-stable)