Difference between revisions of "Allow standard users to RPC reboot server"
Jump to navigation
Jump to search
Michael.mast (talk | contribs) (→Script) |
Michael.mast (talk | contribs) |
||
| Line 14: | Line 14: | ||
This is a WIP, has not been tested yet. Just wanted to get it recorded<ref>https://stackoverflow.com/questions/21245545/ping-test-using-bat-file-trouble-with-errorlevel</ref><ref>https://stackoverflow.com/questions/1788473/while-loop-in-batch</ref><ref>https://ss64.com/nt/set.html</ref><ref>https://stackoverflow.com/questions/132799/how-can-you-echo-a-newline-in-batch-files</ref> | This is a WIP, has not been tested yet. Just wanted to get it recorded<ref>https://stackoverflow.com/questions/21245545/ping-test-using-bat-file-trouble-with-errorlevel</ref><ref>https://stackoverflow.com/questions/1788473/while-loop-in-batch</ref><ref>https://ss64.com/nt/set.html</ref><ref>https://stackoverflow.com/questions/132799/how-can-you-echo-a-newline-in-batch-files</ref> | ||
<pre> | <pre> | ||
| − | + | @echo off | |
| + | set numa=0 | ||
| + | set numb=0 | ||
| + | set server=<yourserver> | ||
| + | :Reboot server | ||
| + | shutdown /r /t 0 /m \\%server% | ||
| + | if errorlevel 1 ( | ||
| + | echo "Was unable to reboot the server, contact the helpdesk." | ||
| + | pause | ||
| + | ) | ||
| + | else ( | ||
| + | :pingtest1 | ||
| + | ping -n 1 %server% | find "TTL=" >nul | ||
| + | if errorlevel 0 ( | ||
| + | if %numa% == 60 ( | ||
| + | echo Server has shutdown in 60 seconds. & echo Contact the helpdesk. | ||
| + | set /A numa="numa + 1" | ||
| + | goto :pingtest1) | ||
| + | else ( | ||
| + | :pingtest2 | ||
| + | ping -n 1 %server% | find "TTL=" >nul | ||
| + | if errorlevel 1 ( | ||
| + | if %numb% == 60 ( | ||
| + | echo Server has not responded after 60 seconds. & echo Please contact the helpdesk. | ||
| + | pause) | ||
| + | else (set /A numb="numb + 1" | ||
| + | goto :pingtest2) | ||
| + | else ( | ||
| + | echo Server should be back up. & If problem persists contact the helpdesk. | ||
| + | pause) | ||
| + | ) | ||
| + | ) | ||
</pre> | </pre> | ||
Revision as of 14:22, 17 October 2018
Purpose
I have a server that I like to pretend does not exist (like I do with most of my Windows servers). This system is dedicated to one department, so it makes sense to allow them the ability to reboot the server.
Permissions
Going into this I assume standard users can not use RPC shutdown. So in this case we need to allow them to reboot without being able to break anything.
[1]
- Open secpol.msc
- Navigate to Local Policies -> User Rights Assignment -> Force shutdown from a remote system
- Add the user or group you want to allow remote shutdown rights to.
Script
Obviously we can not simply tell people what to type into a terminal. Also they would not know if the system was back online or not anyway.
This is a WIP, has not been tested yet. Just wanted to get it recorded[2][3][4][5]
@echo off set numa=0 set numb=0 set server=<yourserver> :Reboot server shutdown /r /t 0 /m \\%server% if errorlevel 1 ( echo "Was unable to reboot the server, contact the helpdesk." pause ) else ( :pingtest1 ping -n 1 %server% | find "TTL=" >nul if errorlevel 0 ( if %numa% == 60 ( echo Server has shutdown in 60 seconds. & echo Contact the helpdesk. set /A numa="numa + 1" goto :pingtest1) else ( :pingtest2 ping -n 1 %server% | find "TTL=" >nul if errorlevel 1 ( if %numb% == 60 ( echo Server has not responded after 60 seconds. & echo Please contact the helpdesk. pause) else (set /A numb="numb + 1" goto :pingtest2) else ( echo Server should be back up. & If problem persists contact the helpdesk. pause) ) )
- ↑ https://superuser.com/questions/332548/how-can-i-allow-non-administrators-to-use-shutdown-exe
- ↑ https://stackoverflow.com/questions/21245545/ping-test-using-bat-file-trouble-with-errorlevel
- ↑ https://stackoverflow.com/questions/1788473/while-loop-in-batch
- ↑ https://ss64.com/nt/set.html
- ↑ https://stackoverflow.com/questions/132799/how-can-you-echo-a-newline-in-batch-files
