Oct 23 2020 02:43 AM
Hi
I am learning windows server 2019 and i have a problem about RD:
i have a user (test_1) in an OU and this user have access to Remote Desktop, locally this user have access to "Sign out" option only but when using Remote Desktop this user have access to:
1. Disconnect
2. Shutdown
3. Restart
how can i disable shutdown/restart options for remote users ?
i tried this ways:
- apply a GPO to Related OU (...start menu and taskbar > enabling "remove and prevent access to the shutdown...)
- checking user (test_1) "Member Of tab" and the only groups are: Domain users and Remote desktop users
- Local group policy > local policy > user right assignments > shutdown the system policy is unavailable
("The setting is not compatible with computers running Windows 2000 SP 1 or earlier. Apply Group Policy Objects containing this setting only to computers running a later version of the operating system.")
Oct 23 2020 07:44 AM - edited Oct 23 2020 07:53 AM
Solution
Hi @Mehrdad1993,
I applied a group policy includes only "Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands" is on User Configuration of Group Policy Management.
Also I used the policy on User Configuration, didn't on Computer Configuration.
You have to apply the policy to OU which includes users, not computers.
Group Policy
Other User Clicked to Power Button
Other User Clicked to User Button
Test User Clicked to Power Button
Test User Clicked to User Button
Oct 23 2020 09:30 AM
Oct 23 2020 11:08 AM
Hi @Mehrdad1993,
When applying different policies to the same OU, you must be careful that the policies don't overlap each other.
If your problem was solved, please don't remember accept the answer as the best response.
Best Regards
Hasan Emre SATILMIŞ
Oct 23 2020 12:36 PM
Try running below and check if results are as expected.
gpresult /h C:\report.html
Oct 23 2020 10:46 PM
@hasanemresatilmis Note that this affects only the GUI options. The user still can shutdown the system from command line or third-party application.
To prevent more resourceful users from shutting down the system, remove their right to do so. Still in gpedit.msc, go to Computer Configuration / Windows Settings / Security Settings / Local Policies / User Rights Assignment, edit the "Shut down the system" privilege and remove "Users" from the list.
Oct 24 2020 04:07 AM
Hi @Jan Ringoš,
Thanks for your completion. When this is added to the policy I mentioned earlier, the result will be as follows in the command prompt.
@Mehrdad1993, is your problem completely solved?
Oct 24 2020 04:51 AM
Oct 24 2020 08:57 AM
Operation was successfully
Thank you All.
Oct 24 2020 11:32 AM
Glad to hear, you're welcome.
(please don't forget to mark helpful replies)
Oct 24 2020 12:02 PM
Feb 08 2022 01:29 PM
Feb 11 2022 03:36 AM
Hi @mjm1231,
Same configuration for users via Group Policy.
User Configuration -> Policies -> Administrative Templates -> Start Menu and Taskbar -> Remove and prevent access to the Shut Down, Restart, Sleep and Hibernate commands.
Feb 11 2022 06:40 AM
Yes. This is the same instruction in the original post. I understand the intent is to prevent them from shutting down a computer they have accessed via RDP. But this does not answer my question.
My question is: How does a user affected by this policy shut down their own personal computer, where they are logged in locally? Wouldn't the same policy also prevent them from shutting down in that instance also?
Feb 13 2022 10:02 PM
Hi @mjm1231i,
If you apply this policy via computer configuration for only an OU which includes only servers, client computers won't affect from that policy. Your client computers and servers are in the same OU, you can use WMI filtering for Group Policy.
Feb 13 2022 10:18 PM