Which computer needs SeRemoteShutdownPrivilege to shut down a remote system?












0














Say, if I want to shut down a remote computer 2 from my computer 1 using a tool like shutdown.exe. I keep reading that this requires SeRemoteShutdownPrivilege. What I am not clear about is which computer needs it, local computer 1 or remote computer 2 that is being shut down?










share|improve this question


















  • 1




    The user who performed the action
    – Ramhound
    Dec 14 at 22:51










  • @Ramhound: Thanks. I guess a process performing a remote shutdown cannot grant SeRemoteShutdownPrivilege to itself, so it had be done via secpol, right?
    – c00000fd
    Dec 14 at 23:30
















0














Say, if I want to shut down a remote computer 2 from my computer 1 using a tool like shutdown.exe. I keep reading that this requires SeRemoteShutdownPrivilege. What I am not clear about is which computer needs it, local computer 1 or remote computer 2 that is being shut down?










share|improve this question


















  • 1




    The user who performed the action
    – Ramhound
    Dec 14 at 22:51










  • @Ramhound: Thanks. I guess a process performing a remote shutdown cannot grant SeRemoteShutdownPrivilege to itself, so it had be done via secpol, right?
    – c00000fd
    Dec 14 at 23:30














0












0








0







Say, if I want to shut down a remote computer 2 from my computer 1 using a tool like shutdown.exe. I keep reading that this requires SeRemoteShutdownPrivilege. What I am not clear about is which computer needs it, local computer 1 or remote computer 2 that is being shut down?










share|improve this question













Say, if I want to shut down a remote computer 2 from my computer 1 using a tool like shutdown.exe. I keep reading that this requires SeRemoteShutdownPrivilege. What I am not clear about is which computer needs it, local computer 1 or remote computer 2 that is being shut down?







windows-7 shutdown power-management privileges rpc






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Dec 14 at 22:42









c00000fd

1562616




1562616








  • 1




    The user who performed the action
    – Ramhound
    Dec 14 at 22:51










  • @Ramhound: Thanks. I guess a process performing a remote shutdown cannot grant SeRemoteShutdownPrivilege to itself, so it had be done via secpol, right?
    – c00000fd
    Dec 14 at 23:30














  • 1




    The user who performed the action
    – Ramhound
    Dec 14 at 22:51










  • @Ramhound: Thanks. I guess a process performing a remote shutdown cannot grant SeRemoteShutdownPrivilege to itself, so it had be done via secpol, right?
    – c00000fd
    Dec 14 at 23:30








1




1




The user who performed the action
– Ramhound
Dec 14 at 22:51




The user who performed the action
– Ramhound
Dec 14 at 22:51












@Ramhound: Thanks. I guess a process performing a remote shutdown cannot grant SeRemoteShutdownPrivilege to itself, so it had be done via secpol, right?
– c00000fd
Dec 14 at 23:30




@Ramhound: Thanks. I guess a process performing a remote shutdown cannot grant SeRemoteShutdownPrivilege to itself, so it had be done via secpol, right?
– c00000fd
Dec 14 at 23:30










2 Answers
2






active

oldest

votes


















1














From your link : "User" Right: Force shutdown from a remote system."



So it would be the user that performs the privileged shutdown.






share|improve this answer





























    0














    There is a better description of SeRemoteShutdownPrivilege in the Microsoft
    article
    Force shutdown from a remote system:




    This security setting determines which users are allowed to shut down a device
    from a remote location on the network. This allows members of the Administrators group or specific users to manage computers (for tasks such as a restart)
    from a remote location.




    The permission then needs to be granted on the computer that is to be shutdown
    remotely. The account that is used is the local account that corresponds
    to the remote account that will issue the shutdown request.



    This is only logical, since otherwise any remote account that has this permission
    will be able to shutdown any computer on the local network.



    The situation is clearer in a domain, when the remote user is logged-in using
    a domain account that will be recognized on the target computer.






    share|improve this answer





















    • Well, you see my confusion. You are pretty much contradicting all other answers posted above. So now, which one is it? I kinda followed your logic originally, and it does make sense in case of the domain accounts being used here. But what is confusing is when you have mere workstations involved. If it's the computer that is being shutdown, two questions arise: 1) how would that remote account be known on the other workstation when shutdown is issued to verify this permission? and 2) What process on the remote system that is shutdown do I need to give SeRemoteShutdownPrivilege permission to?
      – c00000fd
      Dec 15 at 20:20










    • I wrote this answer because the others seemed incorrect. 1) The remote account is known by its network credentials or by the identity it assumes on the target computer, 2) This is a property of the effective local/domain account on the target computer under which executes the process. The remote process presents credentials to the target which identify an account, local to the target or domain, that must have this permission.
      – harrymc
      Dec 15 at 21:03











    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "3"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1383708%2fwhich-computer-needs-seremoteshutdownprivilege-to-shut-down-a-remote-system%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    1














    From your link : "User" Right: Force shutdown from a remote system."



    So it would be the user that performs the privileged shutdown.






    share|improve this answer


























      1














      From your link : "User" Right: Force shutdown from a remote system."



      So it would be the user that performs the privileged shutdown.






      share|improve this answer
























        1












        1








        1






        From your link : "User" Right: Force shutdown from a remote system."



        So it would be the user that performs the privileged shutdown.






        share|improve this answer












        From your link : "User" Right: Force shutdown from a remote system."



        So it would be the user that performs the privileged shutdown.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Dec 14 at 23:03









        Moab

        51k1494160




        51k1494160

























            0














            There is a better description of SeRemoteShutdownPrivilege in the Microsoft
            article
            Force shutdown from a remote system:




            This security setting determines which users are allowed to shut down a device
            from a remote location on the network. This allows members of the Administrators group or specific users to manage computers (for tasks such as a restart)
            from a remote location.




            The permission then needs to be granted on the computer that is to be shutdown
            remotely. The account that is used is the local account that corresponds
            to the remote account that will issue the shutdown request.



            This is only logical, since otherwise any remote account that has this permission
            will be able to shutdown any computer on the local network.



            The situation is clearer in a domain, when the remote user is logged-in using
            a domain account that will be recognized on the target computer.






            share|improve this answer





















            • Well, you see my confusion. You are pretty much contradicting all other answers posted above. So now, which one is it? I kinda followed your logic originally, and it does make sense in case of the domain accounts being used here. But what is confusing is when you have mere workstations involved. If it's the computer that is being shutdown, two questions arise: 1) how would that remote account be known on the other workstation when shutdown is issued to verify this permission? and 2) What process on the remote system that is shutdown do I need to give SeRemoteShutdownPrivilege permission to?
              – c00000fd
              Dec 15 at 20:20










            • I wrote this answer because the others seemed incorrect. 1) The remote account is known by its network credentials or by the identity it assumes on the target computer, 2) This is a property of the effective local/domain account on the target computer under which executes the process. The remote process presents credentials to the target which identify an account, local to the target or domain, that must have this permission.
              – harrymc
              Dec 15 at 21:03
















            0














            There is a better description of SeRemoteShutdownPrivilege in the Microsoft
            article
            Force shutdown from a remote system:




            This security setting determines which users are allowed to shut down a device
            from a remote location on the network. This allows members of the Administrators group or specific users to manage computers (for tasks such as a restart)
            from a remote location.




            The permission then needs to be granted on the computer that is to be shutdown
            remotely. The account that is used is the local account that corresponds
            to the remote account that will issue the shutdown request.



            This is only logical, since otherwise any remote account that has this permission
            will be able to shutdown any computer on the local network.



            The situation is clearer in a domain, when the remote user is logged-in using
            a domain account that will be recognized on the target computer.






            share|improve this answer





















            • Well, you see my confusion. You are pretty much contradicting all other answers posted above. So now, which one is it? I kinda followed your logic originally, and it does make sense in case of the domain accounts being used here. But what is confusing is when you have mere workstations involved. If it's the computer that is being shutdown, two questions arise: 1) how would that remote account be known on the other workstation when shutdown is issued to verify this permission? and 2) What process on the remote system that is shutdown do I need to give SeRemoteShutdownPrivilege permission to?
              – c00000fd
              Dec 15 at 20:20










            • I wrote this answer because the others seemed incorrect. 1) The remote account is known by its network credentials or by the identity it assumes on the target computer, 2) This is a property of the effective local/domain account on the target computer under which executes the process. The remote process presents credentials to the target which identify an account, local to the target or domain, that must have this permission.
              – harrymc
              Dec 15 at 21:03














            0












            0








            0






            There is a better description of SeRemoteShutdownPrivilege in the Microsoft
            article
            Force shutdown from a remote system:




            This security setting determines which users are allowed to shut down a device
            from a remote location on the network. This allows members of the Administrators group or specific users to manage computers (for tasks such as a restart)
            from a remote location.




            The permission then needs to be granted on the computer that is to be shutdown
            remotely. The account that is used is the local account that corresponds
            to the remote account that will issue the shutdown request.



            This is only logical, since otherwise any remote account that has this permission
            will be able to shutdown any computer on the local network.



            The situation is clearer in a domain, when the remote user is logged-in using
            a domain account that will be recognized on the target computer.






            share|improve this answer












            There is a better description of SeRemoteShutdownPrivilege in the Microsoft
            article
            Force shutdown from a remote system:




            This security setting determines which users are allowed to shut down a device
            from a remote location on the network. This allows members of the Administrators group or specific users to manage computers (for tasks such as a restart)
            from a remote location.




            The permission then needs to be granted on the computer that is to be shutdown
            remotely. The account that is used is the local account that corresponds
            to the remote account that will issue the shutdown request.



            This is only logical, since otherwise any remote account that has this permission
            will be able to shutdown any computer on the local network.



            The situation is clearer in a domain, when the remote user is logged-in using
            a domain account that will be recognized on the target computer.







            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered Dec 15 at 19:25









            harrymc

            253k12259560




            253k12259560












            • Well, you see my confusion. You are pretty much contradicting all other answers posted above. So now, which one is it? I kinda followed your logic originally, and it does make sense in case of the domain accounts being used here. But what is confusing is when you have mere workstations involved. If it's the computer that is being shutdown, two questions arise: 1) how would that remote account be known on the other workstation when shutdown is issued to verify this permission? and 2) What process on the remote system that is shutdown do I need to give SeRemoteShutdownPrivilege permission to?
              – c00000fd
              Dec 15 at 20:20










            • I wrote this answer because the others seemed incorrect. 1) The remote account is known by its network credentials or by the identity it assumes on the target computer, 2) This is a property of the effective local/domain account on the target computer under which executes the process. The remote process presents credentials to the target which identify an account, local to the target or domain, that must have this permission.
              – harrymc
              Dec 15 at 21:03


















            • Well, you see my confusion. You are pretty much contradicting all other answers posted above. So now, which one is it? I kinda followed your logic originally, and it does make sense in case of the domain accounts being used here. But what is confusing is when you have mere workstations involved. If it's the computer that is being shutdown, two questions arise: 1) how would that remote account be known on the other workstation when shutdown is issued to verify this permission? and 2) What process on the remote system that is shutdown do I need to give SeRemoteShutdownPrivilege permission to?
              – c00000fd
              Dec 15 at 20:20










            • I wrote this answer because the others seemed incorrect. 1) The remote account is known by its network credentials or by the identity it assumes on the target computer, 2) This is a property of the effective local/domain account on the target computer under which executes the process. The remote process presents credentials to the target which identify an account, local to the target or domain, that must have this permission.
              – harrymc
              Dec 15 at 21:03
















            Well, you see my confusion. You are pretty much contradicting all other answers posted above. So now, which one is it? I kinda followed your logic originally, and it does make sense in case of the domain accounts being used here. But what is confusing is when you have mere workstations involved. If it's the computer that is being shutdown, two questions arise: 1) how would that remote account be known on the other workstation when shutdown is issued to verify this permission? and 2) What process on the remote system that is shutdown do I need to give SeRemoteShutdownPrivilege permission to?
            – c00000fd
            Dec 15 at 20:20




            Well, you see my confusion. You are pretty much contradicting all other answers posted above. So now, which one is it? I kinda followed your logic originally, and it does make sense in case of the domain accounts being used here. But what is confusing is when you have mere workstations involved. If it's the computer that is being shutdown, two questions arise: 1) how would that remote account be known on the other workstation when shutdown is issued to verify this permission? and 2) What process on the remote system that is shutdown do I need to give SeRemoteShutdownPrivilege permission to?
            – c00000fd
            Dec 15 at 20:20












            I wrote this answer because the others seemed incorrect. 1) The remote account is known by its network credentials or by the identity it assumes on the target computer, 2) This is a property of the effective local/domain account on the target computer under which executes the process. The remote process presents credentials to the target which identify an account, local to the target or domain, that must have this permission.
            – harrymc
            Dec 15 at 21:03




            I wrote this answer because the others seemed incorrect. 1) The remote account is known by its network credentials or by the identity it assumes on the target computer, 2) This is a property of the effective local/domain account on the target computer under which executes the process. The remote process presents credentials to the target which identify an account, local to the target or domain, that must have this permission.
            – harrymc
            Dec 15 at 21:03


















            draft saved

            draft discarded




















































            Thanks for contributing an answer to Super User!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.





            Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


            Please pay close attention to the following guidance:


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1383708%2fwhich-computer-needs-seremoteshutdownprivilege-to-shut-down-a-remote-system%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            flock() on closed filehandle LOCK_FILE at /usr/bin/apt-mirror

            Mangá

            Eduardo VII do Reino Unido