RE: how do I prevent power user from shutting down or rebooting a

From: "Patrick Rouse" <PatrickRouse@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 6 Sep 2005 07:44:05 -0700

Honestly, you shouldn't be messing with a production Terminal Server if you
aren't familiar with these, however, you can go to Start -> Settings ->
Control Panel -> Administrative Tools -> Local Security Policy -> Local
Policies -> User rights assignment -> Shut down the system -> Remove "Power
Users".

I highly recommend that you do all of this in a test environment, before
production. Are your non-admins/power users members of the Remote Desktop
Users Group (2003), or have user permission to the RDP-tcp connection in
tscc.msc (2000).

--
Patrick Rouse
Microsoft MVP - Terminal Server
http://www.workthin.com

"dabbuhl1" wrote:

> Patrick,
>
> I can not get any other user to connect via terminal service except for
> power user and administrator. Am I doing something wrong? I have tried to
> test both user and mobil profiles but get the error:
>
> The local policy of this system does not permit you to login interactively.
>
> I'm not shur where to set the policy of the local system to allow
> interactively login. I'm not sure where you remove the permission on shut
> down and reboot for the power user.
>
> What other things would the power user be able to do that I may want to
> disable?
>
> Dan Abbuhl
>
>
>
> "Patrick Rouse" wrote:
>
> > I didn't mention anything about user profiles, just that it's possible to use
> > QB without users having to be members of the Power Users Group. I also
> > mentioned that you can remove the power users group from the "Shut down the
> > system" right in the local security policy, or via GPO.
> >
> > Power users get access to all kinds of things, so this is NOT a good solution.
> > --
> > Patrick Rouse
> > Microsoft MVP - Terminal Server
> > http://www.workthin.com
> >
> >
> > "dabbuhl1" wrote:
> >
> > > I tried to setup a user under the "user" and "mobil" profile but I can not
> > > log into the terminal server with that user setting. How do I go about
> > > taking away the right to shut down or reboot from the "power user" group? I
> > > only want them to access the Quick Books program, nothing else. How can I
> > > allow a user to log into the terminal server and only allow them access to QB?
> > >
> > > "Patrick Rouse" wrote:
> > >
> > > > I believe it's possible to run QB without being a power user. Check the
> > > > following info in Vera Noest's Site:
> > > >
> > > > http://ts.veranoest.net/ts_apps_qb.htm
> > > >
> > > > You can remove the power users group from the "Shut down the system" right,
> > > > via Group Policy or local security policy, however removing users from the
> > > > power users group is the best solution, because power users can do workse
> > > > things to your server than shut it off.
> > > >
> > > >
> > > > --
> > > > Patrick Rouse
> > > > Microsoft MVP - Terminal Server
> > > > http://www.workthin.com
> > > >
> > > >
> > > > "dabbuhl1" wrote:
> > > >
> > > > > I am running Windows Server 2003 with terminal services. I use this to allow
> > > > > users to run Quick Books from our remote stores. This allows our 4 stores to
> > > > > access inventory and post payments from any of our retail stores easily. The
> > > > > problem is, everyone that connects via terminal services has to be a power
> > > > > user to access the Quick books program. I have tested this out of curiosity
> > > > > and forsee a problem down the line. Any user that logs in can reboot or shut
> > > > > down the server. How do I prevent or disallow this?
> > > > >
> > > > >
.

Follow-Ups:
- RE: how do I prevent power user from shutting down or rebooting a
  - From: dabbuhl1

References:
- how do I prevent power user from shutting down or rebooting a TS
  - From: dabbuhl1
- RE: how do I prevent power user from shutting down or rebooting a TS
  - From: Patrick Rouse
- RE: how do I prevent power user from shutting down or rebooting a
  - From: dabbuhl1
- RE: how do I prevent power user from shutting down or rebooting a
  - From: Patrick Rouse
- RE: how do I prevent power user from shutting down or rebooting a
  - From: dabbuhl1

Prev by Date: Re: which TS mode
Next by Date: Re: which TS mode
Previous by thread: RE: how do I prevent power user from shutting down or rebooting a
Next by thread: RE: how do I prevent power user from shutting down or rebooting a
Index(es):
- Date
- Thread

Relevant Pages

Re: Create Power User Account on XP Home
... Power User Group--do I just add that user to the new group or should I also ... have them members of both groups or just the Power Users Group? ... security options on the Pro PC it is set to authenticate as guest only. ... >> screw up my Internet Connection Sharing if I add the users to the Power ...
(microsoft.public.windowsxp.general)
Re: Login error for new user on Domain Controller TS
... she can logon to the Terminal Server no ... Members of the remote desktop ... Security Group called Remote Users. ... Where is the built-in Remote Desktop Users Group on a DC. ...
(microsoft.public.windows.terminal_services)
Re: Can not log into my terminal server - logon error
... Microsoft MVP - Terminal Server ... If you are not a member of the Remote ... Users group or another group that has this right, or if remote desktop ...
(microsoft.public.windows.terminal_services)
Re: Can not log into my terminal server - logon error
... Microsoft MVP - Terminal Server ... If you are not a member of the Remote ... Users group or another group that has this right, or if remote desktop ...
(microsoft.public.windows.terminal_services)
Re: Domain User Question
... How can I set the equivient of a "power user" in the domain users groups ... do not want them to have admin rights). ... Add the Domain Users Group to the Local Power Users Group on each machine. ... and just set the Permission on the Key so that the regular Local Users Group ...
(microsoft.public.windows.server.general)