Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Non-Admin User remotely shuts down the Host system


21 Jan 2009   #1

Win 7
 
 
Non-Admin User remotely shuts down the Host system

Non-Admin User remotely shuts down the Host system

Description: Non-administrative users can remotely shut down a Windows XP Service Pack 3-based system by using the terminal service command TSShutdn.exe command from Win 7 system.

Environment:
Host: CPU- Pentium[R] D 2.80 GHz
Operating System- Windows XP with SP3
RAM- 1 GB

Client: CPU - Pentium[R] D 2.80 GHz
Operating System- Win 7
RAM- 1 GB
Repro Steps:
Configuration on Host PC:
  • Goto Computer Management (My Computer->Manage).
  • Create a local user (Non-Admin User)
  • Add the local user to the “Remote Desktop Users Group”
  • Log Off from the host system (XP SP3)

Remote Login through Client PC:
  • Login to the host system remotely using the Host system local user credentials (Created in step 2)
  • Goto command prompt type the terminal service command “tsshutdn.exe”.
  • The system prompts “The system will shutdown in less than 60 sec”.
  • The host PC is shutdown

Expected result: Local user (Non-Admin users) shouldn’t able to shut down the system remotely.
Actual Result: Local user (Non-Admin users) was able to shut down the system remotely.


Remarks:
The scenario is even true when the host is Win 7 and client is – XP with SP3


My System SpecsSystem Spec
.

21 Jan 2009   #2

Win 7
 
 

It ststes that it has been fixed in XP-SP2 and even in SP3, we need clarity for this...as we were able to reproduce this in XP sp3 and WIN 7....
My System SpecsSystem Spec
22 Jan 2009   #3

 

whoops - that is pretty serious.

I have Windows 7 installed and we use XP at school so I can try this as long as I have terminal services installed - I'll give it a whirl.

Nice find, and if it happens to work even on these computers that I have access to that are joined on a Domain, this is pretty serious stuff.
My System SpecsSystem Spec
.


22 Jan 2009   #4

Win 7
 
 

Quote   Quote: Originally Posted by johngalt View Post
whoops - that is pretty serious.

I have Windows 7 installed and we use XP at school so I can try this as long as I have terminal services installed - I'll give it a whirl.

Nice find, and if it happens to work even on these computers that I have access to that are joined on a Domain, this is pretty serious stuff.

thanks johngalt..it would be of much help if you can reproduce the same scenario at your end post the findings..
My System SpecsSystem Spec
23 Jan 2009   #5

 

Will do.

Murthy - from India?
My System SpecsSystem Spec
23 Jan 2009   #6

Windows 7 Ultimate Build 7000
 
 

Oh not cool. I just tried this at work. VPN'd into the coporate network from my Windows 7 laptop and shutdown my company workstation (xp.sp3, domain member).
My System SpecsSystem Spec
23 Jan 2009   #7

Win 7
 
 

Quote   Quote: Originally Posted by johngalt View Post
Will do.

Murthy - from India?
yup I am from India..thanks for trying to reproduce the scenario...i will be waitng for your inputs.
My System SpecsSystem Spec
23 Jan 2009   #8

Win 7
 
 

Quote   Quote: Originally Posted by redtech View Post
Oh not cool. I just tried this at work. VPN'd into the coporate network from my Windows 7 laptop and shutdown my company workstation (xp.sp3, domain member).
Hay thnks for your inputs...this is a very serious security threat...what we have understood is when a remote user tries to "forcefully shut down the host system" it doesnt check for user rights.
My System SpecsSystem Spec
23 Jan 2009   #9

Windows 7 Ultimate Vista Ultimate x64
 
 

Have you sent some feedback to Microsoft about this yet, I'm sure they will want to fix this as soon as possible.
My System SpecsSystem Spec
23 Jan 2009   #10

Win 7
 
 

Yes we did
My System SpecsSystem Spec
Reply

 Non-Admin User remotely shuts down the Host system




Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 05:32 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33