How to allow or prevent non-admin users from rebooting or shutting down Windows

How to allow or prevent non-admin users from rebooting or shutting down Windows

Introduction

When a computer machine is shut down, all its software processes are stopped, the users will be signed out, and the hardware will be completely shut down. Depending on the circumstance, this may or may not be beneficial. For example, some servers must not be shut down unless they are due for maintenance. On the other hand, there may be a necessity where a non-administrator might be required to shut down or reboot a system. So, in this article, we will take a look at granting or denying privileges for a non-administrator user to shut down or reboot a Windows system. The process can be done using Group Policy Objects (GPO).

Note: The processes mentioned in this apply to Windows 10, and Windows Server 2012 R2 and above.

Allowing/denying shutdown and reboot privileges using GPO

In order to check which users are granted the shutdown/reboot privileges for Windows 10 computers, you can perform the following steps:
  1. To open the Local Group Policy Editor, go to Start, search gpedit.msc, and click on the Edit Group Policy search result. Alternatively, you can press Windows key + R to open the Run tool, type gpedit.msc, and press Enter. The Local Group Policy Editor console will open.
  2. In the left pane, navigate to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment.
  3. In the right pane, among the list of policies, click on the Shut down the system policy.
You will be able to view the users that have the privileges to shut down r restart a Windows 10 computer. By default, administrators, backup operators, and users are given the privileges.
 
To remove the privileges from users, you can perform the following steps:
  1. Click on Users, and click Remove.
  2. Click OK to confirm the action.
If you want to add a specific user or a group to have the privileges, you can perform the following steps:
  1. Click on Add User or Group.
  2. In the dialogue box that pops up, select the type of object in the Select this object type section, such as users or built-in security principals.
  3. Under the From this location, section select the location where the particular user or group is present.
  4. Enter the name of the user or group, then click OK. Click OK in the Shut down the system Properties window to confirm the action.

Disable Shutdown, Restart, Sleep, and Hibernate options

An alternative method to prevent users from shutting down a computer system is to disable the option altogether. This can also be done using GPOs. This method is applicable to Windows 10 systems. To disable the options, you can perform the following steps:

  1. To open the Local Group Policy Editor, go to Start, search gpedit.msc, and click on the Edit Group Policy search result. Alternatively, you can press Windows key + R to open the Run tool, type gpedit.msc, and press Enter. The Local Group Policy Editor console will open.
  2. In the left pane, navigate to User Configuration -> Administrative Templates, Start Menu and Taskbar.
  3. In the right pane, among the list of options, click on the Remove and prevent access to the Shutdown, Restart, Sleep, and Hibernate commands policy.
  4. In the window that pops up, select Enable.
  5. Click OK to confirm the action.

How to allow users to shut down or restart computer remotely without administrator privileges

In an event where an administrator may want to shut down or restart a system, but is not available to perform the process, permission can be granted to a non-administrator user to perform the action. Here's how you can allow a user to do it:
  1. To open the Local Group Policy Editor, go to Start, search gpedit.msc, and click on the Edit Group Policy search result. Alternatively, you can press Windows key + R to open the Run tool, type gpedit.msc, and press Enter. The Local Group Policy Editor console will open.
  2. In the left pane, navigate to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment.
  3. In the right pane, among the list of policies, click on the Force shutdown from a remote system policy.
  4. In the window that pops up, click Add User or group to add the preferred user.
  5. Click OK to confirm the action.

    • Related Articles

    • Using GPO to prevent access to desktop application

      Introduction Security breaches via unauthorized application access are a growing concern for system administrators. The challenge of mitigating such vulnerabilities, while ensuring that essential applications remain accessible, is intensified by the ...

    • Dism Cleanup Image: Streamline Your Windows System

      If you're a Windows user, you may have encountered situations where your system starts to accumulate unnecessary files and consumes valuable disk space. These files can slow down your computer and affect its overall performance. However, there's a ...

    • Quickly Check Windows Server Uptime

      A system is only useful as long as it is up and running. Server administrators use a utility called "Windows Uptime" as a measurement to troubleshoot day-to-day issues that can arise in the Windows environment. A computer with a high downtime has ...

    • How to Restrict Users from Executing Malicious Code from the Internet

      In an organization, it is likely that some users, unknowingly, can help an attacker by downloading or executing a malicious set of code. This is especially true when users meddle with a browser, which can be the primary origin of malicious. ...

    • Comparison of Active Directory and Windows NT

      It is at this juncture (when centralized computing and resource management was a demand that grew imperative every day) that Microsoft came up with Windows NT, which simplified and enhanced the domain-centric approach to resource management in its ...