Non-Admin User remotely shuts down the Host system


  1. murthy
    Posts : 6
    Win 7
       New #1

    Non-Admin User remotely shuts down the Host system


    Non-Admin User remotely shuts down the Host system

    Description: Non-administrative users can remotely shut down a Windows XP Service Pack 3-based system by using the terminal service command TSShutdn.exe command from Win 7 system.

    Environment:
    Host: CPU- Pentium[R] D 2.80 GHz
    Operating System- Windows XP with SP3
    RAM- 1 GB

    Client: CPU - Pentium[R] D 2.80 GHz
    Operating System- Win 7
    RAM- 1 GB
    Repro Steps:
    Configuration on Host PC:
    • Goto Computer Management (My Computer->Manage).
    • Create a local user (Non-Admin User)
    • Add the local user to the “Remote Desktop Users Group”
    • Log Off from the host system (XP SP3)

    Remote Login through Client PC:
    • Login to the host system remotely using the Host system local user credentials (Created in step 2)
    • Goto command prompt type the terminal service command “tsshutdn.exe”.
    • The system prompts “The system will shutdown in less than 60 sec”.
    • The host PC is shutdown

    Expected result: Local user (Non-Admin users) shouldn’t able to shut down the system remotely.
    Actual Result: Local user (Non-Admin users) was able to shut down the system remotely.


    Remarks:
    The scenario is even true when the host is Win 7 and client is – XP with SP3
      My Computer
    Quote Quote

  3. murthy
    Posts : 6
    Win 7
    Thread Starter
       New #2

    It ststes that it has been fixed in XP-SP2 and even in SP3, we need clarity for this...as we were able to reproduce this in XP sp3 and WIN 7....
      My Computer
    Quote Quote

  4. johngalt
    Posts : 4,364
    Windows 11 21H2 Current build
       New #3

    whoops - that is pretty serious.

    I have W7 installed and we use XP at school so I can try this as long as I have terminal services installed - I'll give it a whirl.

    Nice find, and if it happens to work even on these computers that I have access to that are joined on a Domain, this is pretty serious stuff.
      My Computer
    Quote Quote

  6. murthy
    Posts : 6
    Win 7
    Thread Starter
       New #4

    johngalt said:
    whoops - that is pretty serious.

    I have W7 installed and we use XP at school so I can try this as long as I have terminal services installed - I'll give it a whirl.

    Nice find, and if it happens to work even on these computers that I have access to that are joined on a Domain, this is pretty serious stuff.

    thanks johngalt..it would be of much help if you can reproduce the same scenario at your end post the findings..:)
      My Computer
    Quote Quote

  7. johngalt
    Posts : 4,364
    Windows 11 21H2 Current build
       New #5

    Will do.

    Murthy - from India?
      My Computer
    Quote Quote

  8. redtech
    Posts : 1
    Windows 7 Ultimate Build 7000
       New #6

    Oh not cool. I just tried this at work. VPN'd into the coporate network from my W7 laptop and shutdown my company workstation (xp.sp3, domain member).
      My Computer
    Quote Quote

  10. murthy
    Posts : 6
    Win 7
    Thread Starter
       New #7

    johngalt said:
    Will do.

    Murthy - from India?
    yup I am from India..thanks for trying to reproduce the scenario...i will be waitng for your inputs.
      My Computer
    Quote Quote

  11. murthy
    Posts : 6
    Win 7
    Thread Starter
       New #8

    redtech said:
    Oh not cool. I just tried this at work. VPN'd into the coporate network from my W7 laptop and shutdown my company workstation (xp.sp3, domain member).
    Hay thnks for your inputs...this is a very serious security threat...what we have understood is when a remote user tries to "forcefully shut down the host system" it doesnt check for user rights.
      My Computer
    Quote Quote

  12. Mark
    Posts : 4,282
    Windows 7 Ultimate Vista Ultimate x64
       New #9

    Have you sent some feedback to Microsoft about this yet, I'm sure they will want to fix this as soon as possible.
      My Computer
    Quote Quote

  13. murthy
    Posts : 6
    Win 7
    Thread Starter
       New #10

    Yes we did
      My Computer
    Quote Quote

 

  Related Discussions
I have a user who is elderly and clicks on everything, whereupon he ends up with all manner of crapware, viruses, and so on. Believe me, I've covered this with him multiple times, and now, since I simply cannot continue to drive out there to fix it over and over and over, I have reset him...
Thank you! I am admin ( WIN 7 Pro 64 computer 4 years old): In admin user default account, any and ALL open, and .exe functions denied. CMD right click 'run as admin' (net user admin etc.) has no effect. Checking all folders I show FULL permission. Right click 'run as admin' has no effect...
I have created two new user accounts. The first I set up as a standard account, logged on, did a few things, then logged off, logged on as my administrator account and editted the account to be an administrator. When I log back on as this account, it appears that the user still does not have...
Logging as administrator, I tried to remove admin password. It wouldn't let me do it and now, when I restart and click on the admin icon to log in, it tells me the system is read only and shuts down. If I run f2, f8, etc. the computer shuts down after 30 seconds or so. Please HELP ASAP!!!
Hello All, Company i work for just started implementing Win7. Since change from XP we (local IT) lost possibility to use command "runas /user:…. "explorer /separate" " which we used to remotely connect to network drives which normal users dont have access to (drives with applications, updates,...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 17:33.
Find Us