Difference between revisions of "Allow standard users to RPC reboot server"
Jump to navigation
Jump to search
Michael.mast (talk | contribs) |
Michael.mast (talk | contribs) (→Script) |
||
| Line 17: | Line 17: | ||
set numa=0 | set numa=0 | ||
set numb=0 | set numb=0 | ||
| − | set server= | + | set server=server.tld |
:Reboot server | :Reboot server | ||
shutdown /r /t 0 /m \\%server% | shutdown /r /t 0 /m \\%server% | ||
if errorlevel 1 ( | if errorlevel 1 ( | ||
| − | echo | + | echo Was unable to reboot the server, contact the helpdesk. & pause |
| − | + | exit) | |
| − | ) | + | if errorlevel 0 (echo Waiting ~60 seconds for %server% to go offline... & goto pingtest1) |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | :pingtest1 | |
| − | + | ping -n 2 %server% | find "TTL=" >nul | |
| − | + | if errorlevel 0 (if %numa% == 60 ( echo %server% has not shutdown in 60 seconds. & echo Contact the helpdesk. & pause | |
| − | + | exit) else (set /A numa="numa + 1" & goto :pingtest1)) | |
| − | + | if errorlevel 1 ( echo Waiting ~60 seconds for %server% & echo to come back online & goto :pingtest2 ) | |
| − | + | ||
| − | + | :pingtest2 | |
| − | + | ping -n 2 %server% | find "TTL=" >nul | |
| − | + | if errorlevel 1 (if %numa% == 60 (echo %server% has not come back online & echo in 60 seconds. Contact the helpdesk. & pause | |
| − | + | exit) else (set /A numa="numa + 1" & goto :pingtest2) | |
| − | + | if errorlevel 0 (echo %server% is back online & pause | |
| − | + | exit) | |
| − | + | ||
| − | + | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
</pre> | </pre> | ||
Revision as of 16:25, 25 October 2018
Purpose
I have a server that I like to pretend does not exist (like I do with most of my Windows servers). This system is dedicated to one department, so it makes sense to allow them the ability to reboot the server.
Permissions
Going into this I assume standard users can not use RPC shutdown. So in this case we need to allow them to reboot without being able to break anything.
[1]
- Open secpol.msc
- Navigate to Local Policies -> User Rights Assignment -> Force shutdown from a remote system
- Add the user or group you want to allow remote shutdown rights to.
Script
Obviously we can not simply tell people what to type into a terminal. Also they would not know if the system was back online or not anyway.
This is a WIP, has not been tested yet. Just wanted to get it recorded[2][3][4][5]
@echo off set numa=0 set numb=0 set server=server.tld :Reboot server shutdown /r /t 0 /m \\%server% if errorlevel 1 ( echo Was unable to reboot the server, contact the helpdesk. & pause exit) if errorlevel 0 (echo Waiting ~60 seconds for %server% to go offline... & goto pingtest1) :pingtest1 ping -n 2 %server% | find "TTL=" >nul if errorlevel 0 (if %numa% == 60 ( echo %server% has not shutdown in 60 seconds. & echo Contact the helpdesk. & pause exit) else (set /A numa="numa + 1" & goto :pingtest1)) if errorlevel 1 ( echo Waiting ~60 seconds for %server% & echo to come back online & goto :pingtest2 ) :pingtest2 ping -n 2 %server% | find "TTL=" >nul if errorlevel 1 (if %numa% == 60 (echo %server% has not come back online & echo in 60 seconds. Contact the helpdesk. & pause exit) else (set /A numa="numa + 1" & goto :pingtest2) if errorlevel 0 (echo %server% is back online & pause exit)
- ↑ https://superuser.com/questions/332548/how-can-i-allow-non-administrators-to-use-shutdown-exe
- ↑ https://stackoverflow.com/questions/21245545/ping-test-using-bat-file-trouble-with-errorlevel
- ↑ https://stackoverflow.com/questions/1788473/while-loop-in-batch
- ↑ https://ss64.com/nt/set.html
- ↑ https://stackoverflow.com/questions/132799/how-can-you-echo-a-newline-in-batch-files
