Forum Discussion
Remote Desktop users have access to shutdown/restart, how disable these ?
Hi Mehrdad1993,
I applied a group policy includes only "Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands" is on User Configuration of Group Policy Management.
Also I used the policy on User Configuration, didn't on Computer Configuration.
You have to apply the policy to OU which includes users, not computers.
Group Policy
Other User Clicked to Power ButtonOther User Clicked to User ButtonTest User Clicked to Power ButtonTest User Clicked to User Button
hasanemresatilmisI think you are missing what mjm1231 is asking which is a side effect of this option that is not ideal for my users who work in and out of the office regularly. I do not want remote in to reboot when their Office apps do what they do best and "Not Respond"...It took me long enough to get everyone to reboot as a 1st level self-troubleshoot.
Power options on the Client computer are not the issue here, power options on the Host...when the user is logged in locally is the concern. For instance, let's say you have users that are accessing their desktops which are on the domain (and their primary device) on RDP via VPN on a laptop (not on the domain) from home. You wouldn't want the user to Shut Down their Desktop by mistake and not be able to access it remotely and require a physical intervention. However if you make the change to either of the GPEdit.msc settings suggested above they do not have Power Options in the Start Menu when they return to their Domain Desktop and login locally. You can't give them a script to autorun in command prompt as users are denied access as pointed out earlier. I would think that there would be a Group Policy that you could push that only removes Shut Down options for Remote Desktop Users while connected to TS sessions. I am going to look into this one and I'll report back if I find resolution. Any input would be welcomed and appreciated.
Yes you're right. I couldn't understand mjm1231's question before. But I understand now.
mjm1231,
If you apply the policy to the OU where the Terminal servers are located and enable the Group Policy Loopback Processing Mode in the same policy, I think your problem will be solved.
You can enable Group Policy Loopback Processing Mode in the same policy from the Group Policy setting below.
Computer Configuration > Policies > Administrative Templates > System > Group Policy > Configure user Group Policy loopback processing mode
Merge: When selected, user policies linked to computer OU will be applied along with the other user policies that linked to the user OU. If any conflicting setting between policies, GPO will process them normally based on the link order.
Replace: When selected, user policies linked to computer OU will override the other user policies that linked to the user OU.
hasanemresatilmis I'm pretty sure this isn't the correct discussion for my problem but it was as close as I could find. My remote access problems are severe! So bad that almost every week I have to completely reinstall windows because I'd lost all control over the computer. Every thing on the internet I've done trying to disable it but I get the access denied pop up when I try to disable the good stuff. Whoever or whatever is doing this has been doing this for almost a year. I've lost count of all the phones, computers, laptops, tablets I've went through. Family members every got infected through a device of mine. It don't matter where I go what device I use wifi or mobile data or ethernet. None of that matters. VAN's do nothing. Creating fake accounts do nothing. Even if I was able to stop the problem would it not only be temporary? I've tried rooting phones to install custom firmware but that's not allowed. What ever process I use gets completely shut down usually at the final step. It's like NSA sh$t. Is this just gonna be how it is for me?
