In this article you will learn how to manage the rights of non-administrative users to restart or shut down Windows computers or servers. By default, non-privileged users can only restart or shut down desktop versions of Windows and cannot restart Windows Server (shutdown and restart buttons are not available from the Start menu). Can I allow a user without local administrator rights to restart Windows Server? There is also the reverse task – how to prevent a Windows 10 computer used as an information kiosk, shipping console, etc. from rebooting.
Enable/disable and reboot options for Windows users via GPO
You can set the rights for restarting or shutting down Windows with the Exit option under GPO Computer Configuration -> Policy -> Windows Settings -> Security Settings -> Local Policy -> Assign User Rights.
Note that the default restart/disable rights are different for desktop versions of Windows 10 and Windows Server.
Open the local group policy editor (gpedit.msc) and go to the section above. As you can see, members of the local administrator, user, and backup operator groups have permission to shut down/restart a Windows 10 computer.
On the Windows 2019/2016/2012 R2/2012/2008 server, only administrators or backup operators can stop or restart the server. This is useful and logical, because in most cases a non-admin user is not allowed to shut down an external server (even if it happens occasionally). Imagine an RDSH server that is often shut down because users accidentally press the Shut Down button in the Start…. menu. menu.
However, there is no rule without exceptions. So, if you want to allow an unprivileged user to restart your Windows server, just add his accounts to this policy. You can also allow non-admin users to start/stop/restart services.
Or, conversely, you may want to prevent users of desktop versions of Windows 10 from rebooting a computer that is running a server function. In this case, all you have to do is remove the user group from the list of local disability policy systems.
Similarly, you can prevent (or allow) all computers in a specific OU in your Active Directory domain to be shut down/booted using a domain policy.
In the Group Policy Editor (gpmc.msc) of the domain, create a new lock policy (Prevent_Shutdown), configure the lock policy settings according to your needs and assign it to the OU that contains the computers or servers.
Allow remote stop/restart without administrator privileges
You can also allow certain users to remotely reboot your Windows server with the Shutdown command, without giving them local administrator rights or the right to login to your server with RDP.
To do this, in the same GPO (Assign User Rights) section, add the user account to the Force close of the remote system policy.
By default, only administrators can disable the server remotely. Add a user account to the policy.
Then the user gets the SeRemoteShutdown privilege and can reboot the server remotely with this command:
close -m \rds-sh-01 -r -f -t 0
How do I uninstall the shutdown/restart settings in Windows 10?
There is also a special policy that allows you to remove the power off, restart and hibernate options from the startup menu or the startup menu. The policy is called ‘Remove and Prevent Access to Shutdown, Restart, Hibernate, and Sleep’ commands and can be found in the next section of the GPO : User configuration -> Administrative templates -> Start menu and taskbar.
Start Menu Options 10 .
Once you have activated this policy, the user can only deactivate the current session. The On, Sleep and Restart buttons will no longer be available.
How do I know who restarted or dropped the Windows server?
If you have given a user permission to restart servers, you may want to know who restarted the server: the user or one of the administrators.
Use the Event Viewer Log (eventvwr.msc). Go to the Windows Logs -> System menu and filter the log on Event ID 1074.
As you can see, the server restarts events in the log in chronological order. The description of the event indicates the time of the restart, the reason and the account that restarted the server.
Log name : System source
EventID : 1074
The C:Windowssystem32shutdown.exe (rds-sh-01) process (rds-sh-01) has initiated a reboot of the rds-sh-01 computer on behalf of the user of contoso.com [e-mail protected] for the following reason: There is no name for this reason in the reason code: 00000ffShutdown type: rebootComment:Event ID : 1074 The C:Windowssystem32shutdown.exe process has restarted the computer on behalf of the user for the following reason: Cause code: 00000ff Type stop : Restart EventID : 1074 The C:Windowssystem32shutdown.exe process has restarted the computer on behalf of the user for the following reason: Cause code: 00000ff Type stop : Restart
You can also get information about recent Windows shutdown events. To do this, filter the logs to Event ID 1076.
remove the ability to use command prompt,windows server 2012 disable shutdown,remove power button server 2016,noclose registry,how to stop windows shutdown,ensure 'deny log on locally' is configured,group policy shut down the system,remote computer keeps turning off,windows 10 disable shutdown but allow restart,prevent user from shutting down pc windows 10,windows server 2016 shutdown button missing,windows 7 remove shutdown keep restart,group policy allow restart computer,regedit no shutdown,windows 10 remove shutdown but keep restart,remove power icon from start menu windows 10,group policy remove shutdown windows 10,disable shutdown from start menu gpo,disable shutdown but allow restart,group policy to shutdown computers windows 10,how to enable shutdown button in group policy,allow non-admin user to shutdown/reboot server 2012,how to disable shutdown option for remote desktop users in windows 10,how to disable shutdown option for remote desktop users in windows server 2016,only allow administrators to shutdown the system,no permission to shutdown and restart this computer,gpo allow shutdown,allow user to restart server,how to prevent remote desktop from shutdown