Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Non-Admin User remotely shuts down the Host system

21 Jan 2009   #1
murthy

Win 7
 
 
Non-Admin User remotely shuts down the Host system

Non-Admin User remotely shuts down the Host system

Description: Non-administrative users can remotely shut down a Windows XP Service Pack 3-based system by using the terminal service command TSShutdn.exe command from Win 7 system.

Environment:
Host: CPU- Pentium[R] D 2.80 GHz
Operating System- Windows XP with SP3
RAM- 1 GB

Client: CPU - Pentium[R] D 2.80 GHz
Operating System- Win 7
RAM- 1 GB
Repro Steps:
Configuration on Host PC:
  • Goto Computer Management (My Computer->Manage).
  • Create a local user (Non-Admin User)
  • Add the local user to the “Remote Desktop Users Group”
  • Log Off from the host system (XP SP3)

Remote Login through Client PC:
  • Login to the host system remotely using the Host system local user credentials (Created in step 2)
  • Goto command prompt type the terminal service command “tsshutdn.exe”.
  • The system prompts “The system will shutdown in less than 60 sec”.
  • The host PC is shutdown

Expected result: Local user (Non-Admin users) shouldn’t able to shut down the system remotely.
Actual Result: Local user (Non-Admin users) was able to shut down the system remotely.


Remarks:
The scenario is even true when the host is Win 7 and client is – XP with SP3


My System SpecsSystem Spec
.
21 Jan 2009   #2
murthy

Win 7
 
 

It ststes that it has been fixed in XP-SP2 and even in SP3, we need clarity for this...as we were able to reproduce this in XP sp3 and WIN 7....
My System SpecsSystem Spec
22 Jan 2009   #3
johngalt

 

whoops - that is pretty serious.

I have W7 installed and we use XP at school so I can try this as long as I have terminal services installed - I'll give it a whirl.

Nice find, and if it happens to work even on these computers that I have access to that are joined on a Domain, this is pretty serious stuff.
My System SpecsSystem Spec
.

22 Jan 2009   #4
murthy

Win 7
 
 

Quote   Quote: Originally Posted by johngalt View Post
whoops - that is pretty serious.

I have W7 installed and we use XP at school so I can try this as long as I have terminal services installed - I'll give it a whirl.

Nice find, and if it happens to work even on these computers that I have access to that are joined on a Domain, this is pretty serious stuff.

thanks johngalt..it would be of much help if you can reproduce the same scenario at your end post the findings..
My System SpecsSystem Spec
23 Jan 2009   #5
johngalt

 

Will do.

Murthy - from India?
My System SpecsSystem Spec
23 Jan 2009   #6
redtech

Windows 7 Ultimate Build 7000
 
 

Oh not cool. I just tried this at work. VPN'd into the coporate network from my W7 laptop and shutdown my company workstation (xp.sp3, domain member).
My System SpecsSystem Spec
23 Jan 2009   #7
murthy

Win 7
 
 

Quote   Quote: Originally Posted by johngalt View Post
Will do.

Murthy - from India?
yup I am from India..thanks for trying to reproduce the scenario...i will be waitng for your inputs.
My System SpecsSystem Spec
23 Jan 2009   #8
murthy

Win 7
 
 

Quote   Quote: Originally Posted by redtech View Post
Oh not cool. I just tried this at work. VPN'd into the coporate network from my W7 laptop and shutdown my company workstation (xp.sp3, domain member).
Hay thnks for your inputs...this is a very serious security threat...what we have understood is when a remote user tries to "forcefully shut down the host system" it doesnt check for user rights.
My System SpecsSystem Spec
23 Jan 2009   #9
Mark

Windows 7 Ultimate Vista Ultimate x64
 
 

Have you sent some feedback to Microsoft about this yet, I'm sure they will want to fix this as soon as possible.
My System SpecsSystem Spec
23 Jan 2009   #10
murthy

Win 7
 
 

Yes we did
My System SpecsSystem Spec
Reply

 Non-Admin User remotely shuts down the Host system




Thread Tools




Similar help and support threads
Thread Forum
Stand-Alone System all User and Admin Accounts are locked out
I am running Windows 7 64bit, 32GB Ram, Dual 10 core processors. All accounts on the box will randomly get locked out. This lockout is occurring "at least on the surface" with no repeated log-on attempts or no repeated bad password entries. Simply press a keyboard or move the mouse to unlock...
General Discussion
How to identify current user when remotely accessing computer
I use "Teamveiwer" to access my daughters computer. I can and do this, sometimes, unattended. On occasion I see one of the children, in their teens, viewing inappropriate content. But I don't know which child. They each have their own account that are PW protected. I would like to place, on their...
Network & Sharing
Admin User Error5. CMD solutions failed. New User with ADMIN works
Thank you! I am admin ( WIN 7 Pro 64 computer 4 years old): In admin user default account, any and ALL open, and .exe functions denied. CMD right click 'run as admin' (net user admin etc.) has no effect. Checking all folders I show FULL permission. Right click 'run as admin' has no effect...
General Discussion
New admin user acting differently than standard user changed to admin
I have created two new user accounts. The first I set up as a standard account, logged on, did a few things, then logged off, logged on as my administrator account and editted the account to be an administrator. When I log back on as this account, it appears that the user still does not have...
General Discussion
tried to remove admin password on PC - now read only - system shuts do
Logging as administrator, I tried to remove admin password. It wouldn't let me do it and now, when I restart and click on the admin icon to log in, it tells me the system is read only and shuts down. If I run f2, f8, etc. the computer shuts down after 30 seconds or so. Please HELP ASAP!!!
General Discussion
I'm looking for a way to remotely open explorer window as admin
Hello All, Company i work for just started implementing Win7. Since change from XP we (local IT) lost possibility to use command "runas /user:…. "explorer /separate" " which we used to remotely connect to network drives which normal users dont have access to (drives with applications, updates,...
Network & Sharing


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 09:16.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App