cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Remote Desktop users have access to shutdown/restart, how disable these ?

%3CLINGO-SUB%20id%3D%22lingo-sub-1811755%22%20slang%3D%22en-US%22%3ERemote%20Desktop%20users%20have%20access%20to%20shutdown%2Frestart%2C%20how%20disable%20these%20%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1811755%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3C%2FP%3E%3CP%3EI%20am%20learning%20windows%20server%202019%20and%20i%20have%20a%20problem%20about%20RD%3A%3C%2FP%3E%3CP%3Ei%20have%20a%20user%20(test_1)%20in%20an%20OU%20and%20this%20user%20have%20access%20to%20Remote%20Desktop%2C%20locally%20this%20user%20have%20access%20to%20%22Sign%20out%22%20option%20only%20but%20when%20using%20Remote%20Desktop%20this%20user%20have%20access%20to%3A%3C%2FP%3E%3CP%3E1.%20Disconnect%3C%2FP%3E%3CP%3E2.%20Shutdown%3C%2FP%3E%3CP%3E3.%20Restart%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ehow%20can%20i%20disable%26nbsp%3Bshutdown%2Frestart%20options%20for%20remote%20users%20%3F%3C%2FP%3E%3CP%3Ei%20tried%20this%20ways%3A%3C%2FP%3E%3CP%3E-%20apply%20a%20GPO%20to%20Related%20OU%20(...start%20menu%20and%20taskbar%20%26gt%3B%20enabling%20%22remove%20and%20prevent%20access%20to%20the%20shutdown...)%3C%2FP%3E%3CP%3E-%20checking%20user%20(test_1)%20%22Member%20Of%20tab%22%20and%20the%20only%20groups%20are%3A%20Domain%20users%20and%20Remote%20desktop%20users%3C%2FP%3E%3CP%3E-%20Local%20group%20policy%20%26gt%3B%20local%20policy%20%26gt%3B%20user%20right%20assignments%20%26gt%3B%20shutdown%20the%20system%20policy%20is%20unavailable%26nbsp%3B%3C%2FP%3E%3CP%3E(%3CSPAN%3E%22The%20setting%20is%20not%20compatible%20with%20computers%20running%20Windows%202000%20SP%201%20or%20earlier.%20%26nbsp%3BApply%20Group%20Policy%20Objects%20containing%20this%20setting%20only%20to%20computers%20running%20a%20later%20version%20of%20the%20operating%20system.%22)%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1811755%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Edisable%20shutdown%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EWindows%20Server%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1812674%22%20slang%3D%22en-US%22%3ERe%3A%20Remote%20Desktop%20users%20have%20access%20to%20shutdown%2Frestart%2C%20how%20disable%20these%20%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1812674%22%20slang%3D%22en-US%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F545708%22%20target%3D%22_blank%22%3E%40Mehrdad1993%3C%2FA%3E%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20applied%20a%20group%20policy%20includes%20only%20%22Remove%20and%20prevent%20access%20to%20the%20Shut%20Down%2C%20Restart%2C%20Sleep%2C%20and%20Hibernate%20commands%22%20is%20on%20User%20Configuration%20of%20Group%20Policy%20Management.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYou%20have%20to%20apply%20the%20policy%20to%20OU%20which%20includes%20users%2C%20not%20computers.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22GroupPolicy.PNG%22%20style%3D%22width%3A%20954px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F228735i88F2C89347DBD461%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22GroupPolicy.PNG%22%20alt%3D%22Group%20Policy%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3EGroup%20Policy%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22OtherUser-PowerClick.PNG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F228736iE8820F809FDAAD07%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22OtherUser-PowerClick.PNG%22%20alt%3D%22Other%20User%20Clicked%20to%20Power%20Button%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3EOther%20User%20Clicked%20to%20Power%20Button%3C%2FSPAN%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22OtherUser-UserClick.PNG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F228737iD5E05ED7D98C2845%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22OtherUser-UserClick.PNG%22%20alt%3D%22Other%20User%20Clicked%20to%20User%20Button%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3EOther%20User%20Clicked%20to%20User%20Button%3C%2FSPAN%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Test01-PowerClick.PNG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F228738i3821D72723183577%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Test01-PowerClick.PNG%22%20alt%3D%22Test%20User%20Clicked%20to%20Power%20Button%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3ETest%20User%20Clicked%20to%20Power%20Button%3C%2FSPAN%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Test01-UserClick.PNG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F228739iEB123BBAADD2F560%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Test01-UserClick.PNG%22%20alt%3D%22Test%20User%20Clicked%20to%20User%20Button%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3ETest%20User%20Clicked%20to%20User%20Button%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1813155%22%20slang%3D%22en-US%22%3ERe%3A%20Remote%20Desktop%20users%20have%20access%20to%20shutdown%2Frestart%2C%20how%20disable%20these%20%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1813155%22%20slang%3D%22en-US%22%3Ei%20did%20it%20but%20i%20dont%20know%20how%2C%20morning%20i%20applied%20too%20many%20domain%20and%20local%20group%20policies%20and%20now%20shutdown%20button%20i%20gone%20but%20now%20i%20cant%20bring%20back%20it%20%3A)))%3CBR%20%2F%3E%3CBR%20%2F%3Ei%20learned%20new%20lesson%3A%20never%20apply%20multiple%20GPO%20at%20once.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1813465%22%20slang%3D%22en-US%22%3ERe%3A%20Remote%20Desktop%20users%20have%20access%20to%20shutdown%2Frestart%2C%20how%20disable%20these%20%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1813465%22%20slang%3D%22en-US%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F545708%22%20target%3D%22_blank%22%3E%40Mehrdad1993%3C%2FA%3E%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20applying%20different%20policies%20to%20the%20same%20OU%2C%20you%20must%20be%20careful%20that%20the%20policies%20don't%20overlap%20each%20other.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20your%20problem%20was%20solved%2C%20please%20don't%20remember%20accept%20the%20answer%20as%20the%20best%20response.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBest%20Regards%3CBR%20%2F%3EHasan%20Emre%20SATILMI%C5%9E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1813590%22%20slang%3D%22en-US%22%3ERe%3A%20Remote%20Desktop%20users%20have%20access%20to%20shutdown%2Frestart%2C%20how%20disable%20these%20%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1813590%22%20slang%3D%22en-US%22%3E%3CP%3ETry%20running%26nbsp%3Bbelow%20and%20check%20if%20results%20are%20as%20expected.%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-applescript%22%3E%3CCODE%3Egpresult%20%2Fh%20C%3A%5Creport.html%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1814561%22%20slang%3D%22en-US%22%3ERe%3A%20Remote%20Desktop%20users%20have%20access%20to%20shutdown%2Frestart%2C%20how%20disable%20these%20%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1814561%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F778023%22%20target%3D%22_blank%22%3E%40hasanemresatilmis%3C%2FA%3E%26nbsp%3BNote%20that%20this%20affects%20only%20the%20GUI%20options.%20The%20user%20still%20can%20shutdown%20the%20system%20from%20command%20line%20or%20third-party%20application.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETo%20prevent%20more%20resourceful%20users%20from%20shutting%20down%20the%20system%2C%20remove%20their%20right%20to%20do%20so.%20Still%20in%20%3CSTRONG%3Egpedit.msc%3C%2FSTRONG%3E%2C%20go%20to%20%3CEM%3EComputer%20Configuration%20%2F%20Windows%20Settings%20%2F%20Security%20Settings%20%2F%20Local%20Policies%20%2F%20User%20Rights%20Assignment%3C%2FEM%3E%2C%20edit%20the%20%22%3CEM%3EShut%20down%20the%20system%3C%2FEM%3E%22%20privilege%20and%20remove%20%22%3CEM%3EUsers%3C%2FEM%3E%22%20from%20the%20list.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Mehrdad1993
Occasional Contributor

‎10-23-2020 02:43 AM

‎10-23-2020 02:43 AM

Remote Desktop users have access to shutdown/restart, how disable these ?

Hi

I am learning windows server 2019 and i have a problem about RD:

i have a user (test_1) in an OU and this user have access to Remote Desktop, locally this user have access to "Sign out" option only but when using Remote Desktop this user have access to:

1. Disconnect

2. Shutdown

3. Restart

 

how can i disable shutdown/restart options for remote users ?

i tried this ways:

- apply a GPO to Related OU (...start menu and taskbar > enabling "remove and prevent access to the shutdown...)

- checking user (test_1) "Member Of tab" and the only groups are: Domain users and Remote desktop users

- Local group policy > local policy > user right assignments > shutdown the system policy is unavailable 

("The setting is not compatible with computers running Windows 2000 SP 1 or earlier.  Apply Group Policy Objects containing this setting only to computers running a later version of the operating system.")

 

 

485 Views
0 Likes
10 Replies
Reply
10 Replies
Highlighted
Best Response confirmed by Mehrdad1993 (Occasional Contributor)
hasanemresatilmis

‎10-23-2020 07:44 AM - edited ‎10-23-2020 07:53 AM

‎10-23-2020 07:44 AM - edited ‎10-23-2020 07:53 AM

Solution

Re: Remote Desktop users have access to shutdown/restart, how disable these ?

 

Hi @Mehrdad1993,

 

I applied a group policy includes only "Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands" is on User Configuration of Group Policy Management.

 

Also I used the policy on User Configuration, didn't on Computer Configuration.

 

You have to apply the policy to OU which includes users, not computers.

 

 

Group PolicyGroup Policy

Other User Clicked to Power ButtonOther User Clicked to Power ButtonOther User Clicked to User ButtonOther User Clicked to User ButtonTest User Clicked to Power ButtonTest User Clicked to Power ButtonTest User Clicked to User ButtonTest User Clicked to User Button

 

 

 

 

 

 

1 Like
Reply
Highlighted
Mehrdad1993

‎10-23-2020 09:30 AM

‎10-23-2020 09:30 AM

Re: Remote Desktop users have access to shutdown/restart, how disable these ?

i did it but i dont know how, morning i applied too many domain and local group policies and now shutdown button i gone but now i cant bring back it :)))

i learned new lesson: never apply multiple GPO at once.
0 Likes
Reply
Highlighted
hasanemresatilmis

‎10-23-2020 11:08 AM

‎10-23-2020 11:08 AM

Re: Remote Desktop users have access to shutdown/restart, how disable these ?

 

Hi @Mehrdad1993,

 

When applying different policies to the same OU, you must be careful that the policies don't overlap each other.

 

If your problem was solved, please don't remember accept the answer as the best response.

 

Best Regards
Hasan Emre SATILMIŞ

1 Like
Reply
Highlighted
Dave Patrick

‎10-23-2020 12:36 PM

‎10-23-2020 12:36 PM

Re: Remote Desktop users have access to shutdown/restart, how disable these ?

Try running below and check if results are as expected.

gpresult /h C:\report.html

 

1 Like
Reply
Highlighted
Jan Ringoš

‎10-23-2020 10:46 PM

‎10-23-2020 10:46 PM

Re: Remote Desktop users have access to shutdown/restart, how disable these ?

@hasanemresatilmis Note that this affects only the GUI options. The user still can shutdown the system from command line or third-party application.

 

To prevent more resourceful users from shutting down the system, remove their right to do so. Still in gpedit.msc, go to Computer Configuration / Windows Settings / Security Settings / Local Policies / User Rights Assignment, edit the "Shut down the system" privilege and remove "Users" from the list.

2 Likes
Reply
Highlighted
hasanemresatilmis

‎10-24-2020 04:07 AM

‎10-24-2020 04:07 AM

Re: Remote Desktop users have access to shutdown/restart, how disable these ?

 

Hi @Jan Ringoš,

 

Thanks for your completion. When this is added to the policy I mentioned earlier, the result will be as follows in the command prompt.

 

TestUser - Shutdown.PNG

 

@Mehrdad1993, is your problem completely solved?

 

 

2 Likes
Reply
Highlighted
Mehrdad1993

‎10-24-2020 04:51 AM

‎10-24-2020 04:51 AM

Re: Remote Desktop users have access to shutdown/restart, how disable these ?

i found problem, seems i had changed this policy:

default domain controller policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Shut down the system

i add "everyone" and "users" to this policy and now users have access to shutdown and restart, with removing these two groups users will lost access to shutdown button.

this policy doesn't work with gpupdate /force command and server restart is needed.

now its time to try @hasanemresatilmis solution.
0 Likes
Reply
Highlighted
Mehrdad1993

‎10-24-2020 08:57 AM

‎10-24-2020 08:57 AM

Re: Remote Desktop users have access to shutdown/restart, how disable these ?

Operation was successfully :smile:

 

Thank you All.

 
0 Likes
Reply
Highlighted
Dave Patrick

‎10-24-2020 11:32 AM

‎10-24-2020 11:32 AM

Re: Remote Desktop users have access to shutdown/restart, how disable these ?

Glad to hear, you're welcome.

 

(please don't forget to mark helpful replies)

 

 

 

0 Likes
Reply
Highlighted
hasanemresatilmis

‎10-24-2020 12:02 PM

‎10-24-2020 12:02 PM

Re: Remote Desktop users have access to shutdown/restart, how disable these ?

 

Hi @Mehrdad1993,

 

I'm glad to the problem is solved. You're welcome :)

0 Likes
Reply