Allow standard users to RPC reboot server
Revision as of 14:22, 17 October 2018 by Michael.mast (talk | contribs)
Purpose
I have a server that I like to pretend does not exist (like I do with most of my Windows servers). This system is dedicated to one department, so it makes sense to allow them the ability to reboot the server.
Permissions
Going into this I assume standard users can not use RPC shutdown. So in this case we need to allow them to reboot without being able to break anything.
[1]
- Open secpol.msc
- Navigate to Local Policies -> User Rights Assignment -> Force shutdown from a remote system
- Add the user or group you want to allow remote shutdown rights to.
Script
Obviously we can not simply tell people what to type into a terminal. Also they would not know if the system was back online or not anyway.
This is a WIP, has not been tested yet. Just wanted to get it recorded[2][3][4][5]
@echo off set numa=0 set numb=0 set server=<yourserver> :Reboot server shutdown /r /t 0 /m \\%server% if errorlevel 1 ( echo "Was unable to reboot the server, contact the helpdesk." pause ) else ( :pingtest1 ping -n 1 %server% | find "TTL=" >nul if errorlevel 0 ( if %numa% == 60 ( echo Server has shutdown in 60 seconds. & echo Contact the helpdesk. set /A numa="numa + 1" goto :pingtest1) else ( :pingtest2 ping -n 1 %server% | find "TTL=" >nul if errorlevel 1 ( if %numb% == 60 ( echo Server has not responded after 60 seconds. & echo Please contact the helpdesk. pause) else (set /A numb="numb + 1" goto :pingtest2) else ( echo Server should be back up. & If problem persists contact the helpdesk. pause) ) )
- ↑ https://superuser.com/questions/332548/how-can-i-allow-non-administrators-to-use-shutdown-exe
- ↑ https://stackoverflow.com/questions/21245545/ping-test-using-bat-file-trouble-with-errorlevel
- ↑ https://stackoverflow.com/questions/1788473/while-loop-in-batch
- ↑ https://ss64.com/nt/set.html
- ↑ https://stackoverflow.com/questions/132799/how-can-you-echo-a-newline-in-batch-files
