Difference between revisions of "Allow standard users to RPC reboot server"

Purpose

I have a server that I like to pretend does not exist (like I do with most of my Windows servers). This system is dedicated to one department, so it makes sense to allow them the ability to reboot the server.

Permissions

Going into this I assume standard users can not use RPC shutdown. So in this case we need to allow them to reboot without being able to break anything.
^[1]

• Open secpol.msc
• Navigate to Local Policies -> User Rights Assignment -> Force shutdown from a remote system
• Add the user or group you want to allow remote shutdown rights to.

Script

Obviously we can not simply tell people what to type into a terminal. Also they would not know if the system was back online or not anyway.

This is a WIP, has not been tested yet. Just wanted to get it recorded^{[2][3][4][5][6]}

@echo off
set numa=0
set numb=0
set server=server.tld
:Reboot server
shutdown /r /t 0 /m \\%server%
if errorlevel 1 (
	echo Was unable to reboot the server, contact the helpdesk. & pause
	exit)
	 if errorlevel 0 (echo Waiting ~60 seconds for %server% to go offline... & goto pingtest1)

	 
	 
:pingtest1
ping -n 2 %server% | find "TTL=" >nul
if errorlevel 0 (if %numa% == 60 ( echo %server% has not shutdown in 60 seconds. & echo Contact the helpdesk. & pause
				exit) else (set /A numa="numa + 1" & goto :pingtest1))
		if errorlevel 1 ( echo Waiting ~60 seconds for %server% & echo to come back online & goto :pingtest2 )

:pingtest2
ping -n 2 %server% | find "TTL=" >nul
if errorlevel 1 (if %numa% == 60 (echo %server% has not come back online & echo in 60 seconds. Contact the helpdesk. & pause
				exit) else (set /A numa="numa + 1" & goto :pingtest2)
if errorlevel 0 (echo %server% is back online &	 pause
		exit)