Allow standard users to RPC reboot server

From Michael's Information Zone
Revision as of 16:26, 25 October 2018 by Michael.mast (talk | contribs) (→‎Script)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Purpose

I have a server that I like to pretend does not exist (like I do with most of my Windows servers). This system is dedicated to one department, so it makes sense to allow them the ability to reboot the server.

Permissions

Going into this I assume standard users can not use RPC shutdown. So in this case we need to allow them to reboot without being able to break anything.
[1]

  • Open secpol.msc
  • Navigate to Local Policies -> User Rights Assignment -> Force shutdown from a remote system
  • Add the user or group you want to allow remote shutdown rights to.

Script

Obviously we can not simply tell people what to type into a terminal. Also they would not know if the system was back online or not anyway.

This is a WIP, has not been tested yet. Just wanted to get it recorded[2][3][4][5][6]

@echo off
set numa=0
set numb=0
set server=server.tld
:Reboot server
shutdown /r /t 0 /m \\%server%
if errorlevel 1 (
	echo Was unable to reboot the server, contact the helpdesk. & pause
	exit)
	 if errorlevel 0 (echo Waiting ~60 seconds for %server% to go offline... & goto pingtest1)

	 
	 
:pingtest1
ping -n 2 %server% | find "TTL=" >nul
if errorlevel 0 (if %numa% == 60 ( echo %server% has not shutdown in 60 seconds. & echo Contact the helpdesk. & pause
				exit) else (set /A numa="numa + 1" & goto :pingtest1))
		if errorlevel 1 ( echo Waiting ~60 seconds for %server% & echo to come back online & goto :pingtest2 )

:pingtest2
ping -n 2 %server% | find "TTL=" >nul
if errorlevel 1 (if %numa% == 60 (echo %server% has not come back online & echo in 60 seconds. Contact the helpdesk. & pause
				exit) else (set /A numa="numa + 1" & goto :pingtest2)
if errorlevel 0 (echo %server% is back online &	 pause
		exit)