Windows OS Hub
  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange

 Windows OS Hub / Windows 10 / Allow or Prevent Non-Admin Users from Reboot/Shutdown Windows

December 24, 2019 Group PoliciesWindows 10Windows Server 2016

Allow or Prevent Non-Admin Users from Reboot/Shutdown Windows

In this article we will look on how to manage non-admin user permissions to restart or shutdown of Windows computers or servers. By default, non-privileged users can restart or shutdown only desktop Windows versions, and cannot restart a Windows Server (shutdown and restart buttons are not available in the Start menu). Is it possible to allow a user without local administrator privileges to restart Windows Server? There is also an inverse task — how to prevent users from restarting a Windows 10 computer used as an information kiosk, a dispatcher console, etc.

Contents:
  • Allow/Prevent Shutdown and Reboot Options for Windows Users via GPO
  • Allow Remote Shutdown/Restart without Admin Permissions
  • How to Remove Shutdown/Restart Options in Windows 10?
  • How to Find Out Who Restarted/Shutdown a Windows Server?

Allow/Prevent Shutdown and Reboot Options for Windows Users via GPO

You can set the permissions to restart or shutdown Windows using the Shut down the system parameter in the GPO section Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment.

Please note that the default restart/shutdown permissions for desktop Windows 10 and Windows Server editions are different.

Open the Local Group Policy Editor (gpedit.msc) and go to the section specified above. As you can see, the members of local groups Administrators, Users and Backup Operators have the permissions to shutdown/reboot a computer running Windows 10.

Shut down the system - allow user to shutdown/restart windows via gpo

On Windows Server 2016/2012 R2 only Administrators or Backup Operators can shutdown or restart a server. It is reasonable and sound, since in most cases a non-admin user must not have the privileges to shutdown a remote server (even if it happens occasionally). Just imagine an RDSH server that is often shuts down since users accidentally click on the “Shutdown” button in the Start menu…

However, there is no rule without exception. So if you want to allow a non-privileged user to restart your Windows Server, just add their accounts to this policy.

You can also grant the permissions to start/stop/restart the services for non-admin users.

Or, vice versa, you want to prevent users of desktop Windows 10 editions from restarting the computer that fulfills some server function. In this case, just remove Users group from Shut down the system local policy.

In the same way you can prevent (or allow) shutdown/reboot for all computers in the specific OU of your Active Directory domain using the domain policy.

In the domain Group Policy editor (gpmc.msc), create a new policy Prevent_Shutdown, configure the parameters of your “Shut down the system” policy according to your requirements and assign it to the OU containing computers or servers.

Allow Remote Shutdown/Restart without Admin Permissions

You can also allow some users to restart your Windows Server remotely using the shutdown command without granting them local administrator privileges or the right to log on to your server using RDP.

To do it, add a user account to the Force shutdown from a remote system policy in the same GPO section (User Rights Assignment).

By default, only administrators can shutdown the server remotely. Add a user account to the policy.

gpo to allow remote windows restart: Force shutdown from a remote system

After that the user will get the SeRemoteShutdown privilege and will be able to restart the server remotely using this command:

shutdown -m \\hamb-rds01 -r -f -t 0

How to Remove Shutdown/Restart Options in Windows 10?

Also, there is a special policy that allows to remove the Shutdown, Restart and Hibernate options from the Start screen or Start menu. The policy is called Remove and Prevent Access to the Shut Down, Restart, Sleep, and Hibernate commands and is located in the following GPO section: User Configuration -> Administrative Templates -> Start Menu and Taskbar.

Group Policy: Remove and Prevent Access to the Shut Down, Restart, Sleep, and Hibernate commands - remove Options in Windows 10 Start Menu

After you enable this policy, a user will be able only to disconnect the current session. The Shutdown, Sleep and Restart buttons will become unavailable.

start menu

How to Find Out Who Restarted/Shutdown a Windows Server?

After you have granted a user the privileges to restart your servers, you may want to know who restarted a server: a user or one of the administrators.

To do it, use the Event Viewer (eventvwr.msc) log. Go to Windows Logs -> System and filter the log by the Event ID 1074.

In the article How to Analyze RDP Connection Logs? we considered the way of using Event Viewer to get information about RDP access logs.

filte events by 1074 restart event id

As you can see, there are the events of server restart in the log in the chronological order. The event description shows the restart time, the reason and the account that restarted the server.

Log Name:System
Source: User32
EventID: 1074
The process C:\Windows\system32\shutdown.exe (BE-BAK01) has initiated the restart of computer BE-BAK01 on behalf of user corp\jsmith for the following reason: No title for this reason could be found
Reason Code: 0x800000ff
Shutdown Type: restart
Comment:

EventID: 1074 The process C:\Windows\system32\shutdown.exe has initiated the restart of computer on behalf of user for the following reason: Reason Code: 0x800000ff Shutdown Type: restart

In the same way, you can get the information about latest Windows shutdown events. To do it, filter the logs by the Event ID 1076.

1 comment
1
Facebook Twitter Google + Pinterest
previous post
PSWindowsUpdate: Managing Windows Updates from PowerShell
next post
Windows 7: End of Support Notifications, Extended Security Updates Program

Related Reading

Preparing Windows for Adobe Flash End of Life...

January 22, 2021

Checking User Logon History in Active Directory Domain...

January 22, 2021

How to Disable/Remove Thumbs.db File on Network Folders...

January 21, 2021

USB Device Passthrough (Redirect) to Hyper-V Virtual Machine

January 15, 2021

Windows 10: No Internet Connection After Connecting to...

January 13, 2021

1 comment

Vandrey Trindade October 26, 2020 - 12:07 pm

So sad that there’s no option to disable only shutdown. I have a need to allow user to restart their machines but not shutdown.

Reply

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange
  • Windows 10
  • Windows 8
  • Windows 7
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2008 R2
  • PowerShell
  • VMWare
  • MS Office

Recent Posts

  • Preparing Windows for Adobe Flash End of Life on December 31, 2020

    January 22, 2021
  • Checking User Logon History in Active Directory Domain with PowerShell

    January 22, 2021
  • How to Disable/Remove Thumbs.db File on Network Folders in Windows?

    January 21, 2021
  • MS SQL Server 2019 Installation Guide: Basic Settings and Recommendations

    January 19, 2021
  • USB Device Passthrough (Redirect) to Hyper-V Virtual Machine

    January 15, 2021
  • Windows 10: No Internet Connection After Connecting to VPN Server

    January 13, 2021
  • Updating the PowerShell Version on Windows

    December 24, 2020
  • How to Enable and Configure User Disk Quotas in Windows?

    December 23, 2020
  • Restoring Deleted Active Directory Objects/Users

    December 21, 2020
  • Fix: Search Feature in Outlook is Not Working

    December 18, 2020

Follow us

woshub.com
  • Facebook
  • Twitter
  • RSS
Popular Posts
  • How to Configure Google Chrome Using Group Policy ADMX Templates?
  • Updating List of Trusted Root Certificates in Windows 10/8.1/7
  • Backup/Restore and Export Local Group Policy Settings to Another Computer
  • Allow RDP Access to Domain Controller for Non-admin Users
  • How to Show/Hide All User Accounts from Login Screen in Windows 10?
  • Reset Local Group Policy Settings in Windows
  • How to Block USB Drives in Windows using Group Policy?
Footer Logo

@2014 - 2018 - Windows OS Hub. All about operating systems for sysadmins


Back To Top