Which computer needs SeRemoteShutdownPrivilege to shut down a remote system?
Say, if I want to shut down a remote computer 2 from my computer 1 using a tool like shutdown.exe
. I keep reading that this requires SeRemoteShutdownPrivilege
. What I am not clear about is which computer needs it, local computer 1 or remote computer 2 that is being shut down?
windows-7 shutdown power-management privileges rpc
add a comment |
Say, if I want to shut down a remote computer 2 from my computer 1 using a tool like shutdown.exe
. I keep reading that this requires SeRemoteShutdownPrivilege
. What I am not clear about is which computer needs it, local computer 1 or remote computer 2 that is being shut down?
windows-7 shutdown power-management privileges rpc
1
The user who performed the action
– Ramhound
Dec 14 at 22:51
@Ramhound: Thanks. I guess a process performing a remote shutdown cannot grantSeRemoteShutdownPrivilege
to itself, so it had be done viasecpol
, right?
– c00000fd
Dec 14 at 23:30
add a comment |
Say, if I want to shut down a remote computer 2 from my computer 1 using a tool like shutdown.exe
. I keep reading that this requires SeRemoteShutdownPrivilege
. What I am not clear about is which computer needs it, local computer 1 or remote computer 2 that is being shut down?
windows-7 shutdown power-management privileges rpc
Say, if I want to shut down a remote computer 2 from my computer 1 using a tool like shutdown.exe
. I keep reading that this requires SeRemoteShutdownPrivilege
. What I am not clear about is which computer needs it, local computer 1 or remote computer 2 that is being shut down?
windows-7 shutdown power-management privileges rpc
windows-7 shutdown power-management privileges rpc
asked Dec 14 at 22:42
c00000fd
1562616
1562616
1
The user who performed the action
– Ramhound
Dec 14 at 22:51
@Ramhound: Thanks. I guess a process performing a remote shutdown cannot grantSeRemoteShutdownPrivilege
to itself, so it had be done viasecpol
, right?
– c00000fd
Dec 14 at 23:30
add a comment |
1
The user who performed the action
– Ramhound
Dec 14 at 22:51
@Ramhound: Thanks. I guess a process performing a remote shutdown cannot grantSeRemoteShutdownPrivilege
to itself, so it had be done viasecpol
, right?
– c00000fd
Dec 14 at 23:30
1
1
The user who performed the action
– Ramhound
Dec 14 at 22:51
The user who performed the action
– Ramhound
Dec 14 at 22:51
@Ramhound: Thanks. I guess a process performing a remote shutdown cannot grant
SeRemoteShutdownPrivilege
to itself, so it had be done via secpol
, right?– c00000fd
Dec 14 at 23:30
@Ramhound: Thanks. I guess a process performing a remote shutdown cannot grant
SeRemoteShutdownPrivilege
to itself, so it had be done via secpol
, right?– c00000fd
Dec 14 at 23:30
add a comment |
2 Answers
2
active
oldest
votes
From your link : "User" Right: Force shutdown from a remote system."
So it would be the user that performs the privileged shutdown.
add a comment |
There is a better description of SeRemoteShutdownPrivilege
in the Microsoft
article
Force shutdown from a remote system:
This security setting determines which users are allowed to shut down a device
from a remote location on the network. This allows members of the Administrators group or specific users to manage computers (for tasks such as a restart)
from a remote location.
The permission then needs to be granted on the computer that is to be shutdown
remotely. The account that is used is the local account that corresponds
to the remote account that will issue the shutdown request.
This is only logical, since otherwise any remote account that has this permission
will be able to shutdown any computer on the local network.
The situation is clearer in a domain, when the remote user is logged-in using
a domain account that will be recognized on the target computer.
Well, you see my confusion. You are pretty much contradicting all other answers posted above. So now, which one is it? I kinda followed your logic originally, and it does make sense in case of the domain accounts being used here. But what is confusing is when you have mere workstations involved. If it's the computer that is being shutdown, two questions arise: 1) how would that remote account be known on the other workstation when shutdown is issued to verify this permission? and 2) What process on the remote system that is shutdown do I need to giveSeRemoteShutdownPrivilege
permission to?
– c00000fd
Dec 15 at 20:20
I wrote this answer because the others seemed incorrect. 1) The remote account is known by its network credentials or by the identity it assumes on the target computer, 2) This is a property of the effective local/domain account on the target computer under which executes the process. The remote process presents credentials to the target which identify an account, local to the target or domain, that must have this permission.
– harrymc
Dec 15 at 21:03
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1383708%2fwhich-computer-needs-seremoteshutdownprivilege-to-shut-down-a-remote-system%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
From your link : "User" Right: Force shutdown from a remote system."
So it would be the user that performs the privileged shutdown.
add a comment |
From your link : "User" Right: Force shutdown from a remote system."
So it would be the user that performs the privileged shutdown.
add a comment |
From your link : "User" Right: Force shutdown from a remote system."
So it would be the user that performs the privileged shutdown.
From your link : "User" Right: Force shutdown from a remote system."
So it would be the user that performs the privileged shutdown.
answered Dec 14 at 23:03
Moab
51k1494160
51k1494160
add a comment |
add a comment |
There is a better description of SeRemoteShutdownPrivilege
in the Microsoft
article
Force shutdown from a remote system:
This security setting determines which users are allowed to shut down a device
from a remote location on the network. This allows members of the Administrators group or specific users to manage computers (for tasks such as a restart)
from a remote location.
The permission then needs to be granted on the computer that is to be shutdown
remotely. The account that is used is the local account that corresponds
to the remote account that will issue the shutdown request.
This is only logical, since otherwise any remote account that has this permission
will be able to shutdown any computer on the local network.
The situation is clearer in a domain, when the remote user is logged-in using
a domain account that will be recognized on the target computer.
Well, you see my confusion. You are pretty much contradicting all other answers posted above. So now, which one is it? I kinda followed your logic originally, and it does make sense in case of the domain accounts being used here. But what is confusing is when you have mere workstations involved. If it's the computer that is being shutdown, two questions arise: 1) how would that remote account be known on the other workstation when shutdown is issued to verify this permission? and 2) What process on the remote system that is shutdown do I need to giveSeRemoteShutdownPrivilege
permission to?
– c00000fd
Dec 15 at 20:20
I wrote this answer because the others seemed incorrect. 1) The remote account is known by its network credentials or by the identity it assumes on the target computer, 2) This is a property of the effective local/domain account on the target computer under which executes the process. The remote process presents credentials to the target which identify an account, local to the target or domain, that must have this permission.
– harrymc
Dec 15 at 21:03
add a comment |
There is a better description of SeRemoteShutdownPrivilege
in the Microsoft
article
Force shutdown from a remote system:
This security setting determines which users are allowed to shut down a device
from a remote location on the network. This allows members of the Administrators group or specific users to manage computers (for tasks such as a restart)
from a remote location.
The permission then needs to be granted on the computer that is to be shutdown
remotely. The account that is used is the local account that corresponds
to the remote account that will issue the shutdown request.
This is only logical, since otherwise any remote account that has this permission
will be able to shutdown any computer on the local network.
The situation is clearer in a domain, when the remote user is logged-in using
a domain account that will be recognized on the target computer.
Well, you see my confusion. You are pretty much contradicting all other answers posted above. So now, which one is it? I kinda followed your logic originally, and it does make sense in case of the domain accounts being used here. But what is confusing is when you have mere workstations involved. If it's the computer that is being shutdown, two questions arise: 1) how would that remote account be known on the other workstation when shutdown is issued to verify this permission? and 2) What process on the remote system that is shutdown do I need to giveSeRemoteShutdownPrivilege
permission to?
– c00000fd
Dec 15 at 20:20
I wrote this answer because the others seemed incorrect. 1) The remote account is known by its network credentials or by the identity it assumes on the target computer, 2) This is a property of the effective local/domain account on the target computer under which executes the process. The remote process presents credentials to the target which identify an account, local to the target or domain, that must have this permission.
– harrymc
Dec 15 at 21:03
add a comment |
There is a better description of SeRemoteShutdownPrivilege
in the Microsoft
article
Force shutdown from a remote system:
This security setting determines which users are allowed to shut down a device
from a remote location on the network. This allows members of the Administrators group or specific users to manage computers (for tasks such as a restart)
from a remote location.
The permission then needs to be granted on the computer that is to be shutdown
remotely. The account that is used is the local account that corresponds
to the remote account that will issue the shutdown request.
This is only logical, since otherwise any remote account that has this permission
will be able to shutdown any computer on the local network.
The situation is clearer in a domain, when the remote user is logged-in using
a domain account that will be recognized on the target computer.
There is a better description of SeRemoteShutdownPrivilege
in the Microsoft
article
Force shutdown from a remote system:
This security setting determines which users are allowed to shut down a device
from a remote location on the network. This allows members of the Administrators group or specific users to manage computers (for tasks such as a restart)
from a remote location.
The permission then needs to be granted on the computer that is to be shutdown
remotely. The account that is used is the local account that corresponds
to the remote account that will issue the shutdown request.
This is only logical, since otherwise any remote account that has this permission
will be able to shutdown any computer on the local network.
The situation is clearer in a domain, when the remote user is logged-in using
a domain account that will be recognized on the target computer.
answered Dec 15 at 19:25
harrymc
253k12259560
253k12259560
Well, you see my confusion. You are pretty much contradicting all other answers posted above. So now, which one is it? I kinda followed your logic originally, and it does make sense in case of the domain accounts being used here. But what is confusing is when you have mere workstations involved. If it's the computer that is being shutdown, two questions arise: 1) how would that remote account be known on the other workstation when shutdown is issued to verify this permission? and 2) What process on the remote system that is shutdown do I need to giveSeRemoteShutdownPrivilege
permission to?
– c00000fd
Dec 15 at 20:20
I wrote this answer because the others seemed incorrect. 1) The remote account is known by its network credentials or by the identity it assumes on the target computer, 2) This is a property of the effective local/domain account on the target computer under which executes the process. The remote process presents credentials to the target which identify an account, local to the target or domain, that must have this permission.
– harrymc
Dec 15 at 21:03
add a comment |
Well, you see my confusion. You are pretty much contradicting all other answers posted above. So now, which one is it? I kinda followed your logic originally, and it does make sense in case of the domain accounts being used here. But what is confusing is when you have mere workstations involved. If it's the computer that is being shutdown, two questions arise: 1) how would that remote account be known on the other workstation when shutdown is issued to verify this permission? and 2) What process on the remote system that is shutdown do I need to giveSeRemoteShutdownPrivilege
permission to?
– c00000fd
Dec 15 at 20:20
I wrote this answer because the others seemed incorrect. 1) The remote account is known by its network credentials or by the identity it assumes on the target computer, 2) This is a property of the effective local/domain account on the target computer under which executes the process. The remote process presents credentials to the target which identify an account, local to the target or domain, that must have this permission.
– harrymc
Dec 15 at 21:03
Well, you see my confusion. You are pretty much contradicting all other answers posted above. So now, which one is it? I kinda followed your logic originally, and it does make sense in case of the domain accounts being used here. But what is confusing is when you have mere workstations involved. If it's the computer that is being shutdown, two questions arise: 1) how would that remote account be known on the other workstation when shutdown is issued to verify this permission? and 2) What process on the remote system that is shutdown do I need to give
SeRemoteShutdownPrivilege
permission to?– c00000fd
Dec 15 at 20:20
Well, you see my confusion. You are pretty much contradicting all other answers posted above. So now, which one is it? I kinda followed your logic originally, and it does make sense in case of the domain accounts being used here. But what is confusing is when you have mere workstations involved. If it's the computer that is being shutdown, two questions arise: 1) how would that remote account be known on the other workstation when shutdown is issued to verify this permission? and 2) What process on the remote system that is shutdown do I need to give
SeRemoteShutdownPrivilege
permission to?– c00000fd
Dec 15 at 20:20
I wrote this answer because the others seemed incorrect. 1) The remote account is known by its network credentials or by the identity it assumes on the target computer, 2) This is a property of the effective local/domain account on the target computer under which executes the process. The remote process presents credentials to the target which identify an account, local to the target or domain, that must have this permission.
– harrymc
Dec 15 at 21:03
I wrote this answer because the others seemed incorrect. 1) The remote account is known by its network credentials or by the identity it assumes on the target computer, 2) This is a property of the effective local/domain account on the target computer under which executes the process. The remote process presents credentials to the target which identify an account, local to the target or domain, that must have this permission.
– harrymc
Dec 15 at 21:03
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1383708%2fwhich-computer-needs-seremoteshutdownprivilege-to-shut-down-a-remote-system%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
The user who performed the action
– Ramhound
Dec 14 at 22:51
@Ramhound: Thanks. I guess a process performing a remote shutdown cannot grant
SeRemoteShutdownPrivilege
to itself, so it had be done viasecpol
, right?– c00000fd
Dec 14 at 23:30