Stop Remote Shutdown

[HalesowenTechie]

Hi there,

I work for a college in the IT department and my knowledge is lacking in the remote shutdown area and is being exploited by my fellow workers.

The computers are connected to a domain and our computers are named via the tag number of the machine and we do not use roaming profiles. I know how to send a shutdown request, but I don't know how to stop it.

Can someone please help?

 

[benjy206]

Hi HalesowenTechie and welcome to Seven Forums.

Is someone sending out a command to remote shutdown a pc/pc's?

I will need more info on this.

Is it just one pc or all pc's?

 

[HalesowenTechie]

Yes, they are using CMD to do it or on their wirless devices ie iPhone

Just mine in the office, they are doing it as a prank tbh *lol* I just want to know how to stop it.

 

[benjy206]

You can go to the computer and go to this: You can disable this in the Local/Domain Security Policy.

Local Policies -> User Rights Assignment -> Shutdown the System.

This will stop anyone if you remove every user from this.

 

[Golden]

Have you tried setting up the Remote connections like this:

 

[HalesowenTechie]

You can go to the computer and go to this: You can disable this in the Local/Domain Security Policy.

Local Policies -> User Rights Assignment -> Shutdown the System.

This will stop anyone if you remove every user from this.

Unfortunately that didn't work.

It's my Staff machine which is what I am using in the techie office. I have access to AD n' such on in order to resolve issues and I need to be able to remote into my computer from other accounts if necessary to resolve account issues.

Because I don't know how to stop their remote shutdown commands via CMD they are doing it as a prank and I have no idea to stop it. I have tried removing the users on the local shutdown policy but that didn't work. Would I be correct in assuming that it is because the group policies are applied through AD?!? Just to note, that the group policies are infact applied through AD here.

 

[benjy206]

Ok well they would need administrator password to do this so?

 

[HalesowenTechie]

Well yes, it is the other techies in the office in my team, playing this prank. We all have admin rights to do our job.

 

[benjy206]

Oh so it's not students.

Here yo go try this:
How To Disable/Remove Shutdown From Windows 7 / Vista / XP

 

[HalesowenTechie]

They aren't doing this on my machine because i'm already on it...they are remotely shutting down from CMD on their computer to mine. Or would that guide prevent that?!?

 

[HalesowenTechie]

I do lock my computer on a regular basis btw when I am out of the office. They don't use my machine to remotely shutdown my machine.

 

[benjy206]

At the end of the guide you need to look at never mind the start menu part.

It's very hard to do when there on the same level as you. But i should work.

 

[HalesowenTechie]

They have just been giving me clues I just don't know what I am doing wrong in order to stop it. I have created a BAT file and they said something about adding a task to the event viewer...which I have done but that isn't working :S

 

[benjy206]

Here you go save you all the hassle just use this program. In here it shows you about the bat file also: How to Block Remote Shutdown: 15 Steps - wikiHow

 

[HalesowenTechie]

Ok, so I have found the event in event viewer and attatched a task to runt the "shutdown -a" command when the command is issued. It executes fine, but then they did it again and it executed, but shut down anyway. I asked them to do it again, only this time give me 30 seconds and when I typed in "shutdown -a" it said "access denied."

Somewhere down the line, I have disabled something when I first tried to stop them doing it. I have gone back over to the Local Policies and put the access rights back in. I just can't remember if there is anything else I have removed in order to try and stop them...any Ideas?!?

 

[benjy206]

Did you try that program I gave you?

 

[benjy206]

Ok this is my last option

Take the administrator out of this and it SHOULD work

 

[HalesowenTechie]

I got it working the way I said above, the only problem being that the bat didn't execute because I have removed permissions somewhere and I cannot remember how. When I type in CMD "shutdown -a" it says "Access Denied" I know I have removed something but I cannot remember what.

 

[benjy206]

Re-Check here: Local Policies -> User Rights Assignment -> Shutdown the System

 

[benjy206]

Also the .bat file will only work if they give you time. If they send a command with no time, you wont have time to get the bat file open