"Force shutdown from a remote system"

Posted by James Saveker on October 13, 2006, 7:59 pm
I think you are referring to a GP setting and this can override someone with
local admin privs on a box from executing a remote shut down with the
"shutdown" command.

e.g.

shutdown /s /m \\jimbo /c "I am being annoying and shutting down Jimbo's workstation"

Kind regards,

Jimbo.

> What do they really mean by this? I was able to shut down a server with
> no users having this user right, using terminal services. I took everyone
> out of this user right, and I refreshed the policy then connected to the
> server via terminal services, and proceeded to shut it down, no problem.
> What kind of tool does this policy expect the remote user is going to be
> using to accomplish the shutdown? 'Cuz it sure ain't terminal services.
>
> Any ideas appreciated.
>


Posted by Roger Abell [MVP] on October 14, 2006, 1:54 am
>I think you are referring to a GP setting and this can override someone with
>local admin privs on a box from executing a remote shut down with the
>"shutdown" command.
>
> e.g.
>
> shutdown /s /m \\jimbo /c "I am being annoying and shutting down Jimbo's workstation"
>

Ummm . . . no, this user right grants that capability,
not denies it, so it certainly cannot be used to prevent
an account from using their capabilities.




Posted by on October 16, 2006, 3:44 pm
But, in terms of the _method_ of shutdown, the shutdown.exe command is the
only method this policy addresses?





Posted by Roger Abell [MVP] on October 17, 2006, 2:51 am
No.

shutdown.exe is just a little exe MS made available at one time that has
stuck.

I have spent a little time trying to see whether I can find a statement as
to just exactly what APIs, what providers, what namespace classes' methods
are covered by this setting.

However, all that I have found just says, as this from the W2k3 Security
Guide:
<quote>
This policy setting determines whether users can shut down computers from
remote locations on the network. Any user who can shut down a computer could
cause a DoS condition. Therefore, this user right should be tightly
restricted.
</quote>

In other words, the statements I have seen just make the unconditional
statement that this allows use of remote means for shutdown, from which it
seems that all available ways are wired to obey this right.

I know that when I use WMI it is a requirement that one specify the shutdown
right when initially instancing the objects one uses (and of course this
explicit request is only honored if it is granted to the account in use)
because otherwise this is not enabled on the object obtained even when
allowed to the account used.




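Added example (not part of the original thread): one way to check that "Force shutdown from a remote system" is tightly restricted, as the quoted Security Guide text advises, is to parse a `secedit /export` file and list holders outside an allow-list. It also reports SeShutdownPrivilege ("Shut down the system"), the separate right that applies to a shutdown issued from a session on the machine itself. The sample export, the CONTOSO\helpdesk account and the Administrators-only allow-list are constructed assumptions.

```python
"""Audit who holds the shutdown user rights in a secedit export (added example)."""

# Standard Windows privilege names behind the two policy settings.
RIGHTS = {
    "SeRemoteShutdownPrivilege": "Force shutdown from a remote system",
    "SeShutdownPrivilege": "Shut down the system",
}
# Hypothetical allow-list (upper-case): built-in Administrators only.
ALLOWED = {right: {"S-1-5-32-544"} for right in RIGHTS}

# Constructed sample of `secedit /export /areas USER_RIGHTS` output.
# A real export file is UTF-16; open it with encoding="utf-16".
SAMPLE_EXPORT = """\
[Version]
signature="$CHICAGO$"
Revision=1
[Privilege Rights]
SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-551,*S-1-5-32-555
SeRemoteShutdownPrivilege = *S-1-5-32-544,CONTOSO\\helpdesk
"""

def parse_privilege_rights(text):
    """Return {right: [holders]} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            # Holders are SIDs prefixed with "*" or plain account names.
            rights[name.strip()] = [
                h.strip().lstrip("*") for h in value.split(",") if h.strip()
            ]
    return rights

def audit_shutdown_rights(text, allowed=ALLOWED):
    """Return sorted (right, holder) pairs that are outside the allow-list."""
    granted = parse_privilege_rights(text)
    return sorted(
        (right, holder)
        for right in RIGHTS
        for holder in granted.get(right, [])  # absent right: no holders
        if holder.upper() not in allowed[right]
    )

if __name__ == "__main__":
    for right, holder in audit_shutdown_rights(SAMPLE_EXPORT):
        print(f"{RIGHTS[right]} ({right}): unexpected holder {holder}")
```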


Posted by on October 18, 2006, 5:42 pm
So, what exactly is the point of this policy? It doesn't really seem to do
anything.




