Windows has a local security policy for disabling the ability to shut down a computer, but this also blocks the ability to restart the machine.
Is there a way to block only shutdown without blocking restart?
Asked
Active
Viewed 1,277 times
3
-
1What would be the point? If you restart a computer, you really do a shutdown and THEN automatic restart. A user could interrupt the restart thus doing the same as a shutdown. – mdpc Oct 21 '14 at 01:14
-
@mdpc The greatest advantage I can see why you would prevent a shutdown is that once completed you no longer have a running operating system. If this machine is located remotely you have conveniently shot yourself in your foot. – captcha Oct 21 '14 at 01:56
-
The main purpose is to prevent someone from accidentally shutting down the machine. It hosts some stuff on the LAN, so it needs to stay on. That said, I don't want to prevent restarts since those won't take it offline for very long and are sometimes necessary. – CXL Oct 21 '14 at 04:43
1 Answers
4
The Windows security model doesn't differentiate between "Shutdown" and "Restart". In terms of user rights assignments they're the same thing.
I've had some similar scenarios with task-oriented computers where I'd sometimes need the user to be able to restart the computer (but not shutdown). (I can't say I've ever been happy with these situations but we have to do what we have to do.)
I've done as follows:
Hide the user interface for "Shutdown" and "Restart" (using the "Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands" Group Policy setting)
Create a desktop shortcut to run
shutdown -r -t 1 -f
This isn't at all an ideal situation, but it seems to have worked reasonably well in the few times I've needed to do it.
Evan Anderson
- 141,881
- 20
- 196
- 331
-
I think this is probably going to be the route I take as well - so hiding the commands versus disabling the ability allows command-line restart to work. Thanks! – CXL Oct 22 '14 at 02:04