Aaron Margosis' "Non-Admin" WebLog

I presume shutdown.exe will be fixed, at least for Vista?

Thanks a million Aaron. You made my day by providing the trick in using 'Shutdown.exe" under non-admin users. Keep it coming my man, you are the greatest!

OK. So I have given my LUA, the listed rights for a machine. I remotely attempt to shutdown the machine I had just given those rights and I receive a "A required privilege is not held by client." As a sidenote, I happen to be running the shutdown command from a RunAs prompt. Any ideas? I am trying to create a batch script for a tester to reboot his assigned machines.

Interesting -- it had never occured to me that this was an issue. I've always been running it from my MakeMeAdmin window!

Complete list of Aaron Margosis' non-admin / least privilege posts, for easy lookup.

There is another computer virus targeting Windows machines. This is not a surprise, I mean that Windows has always been a target and always will be as long as people always run Windows as Administrator instead of an unprivileged account. Apparently it is a e-mail virus requiring a less than intelligent person to click on a link in the e-mail and activate the virus. Although with Internet Explorer you can just visit a web page and you are infected. That is why a browser like Opera is a better choice. Or Firefox 1.7. Some websites have mp3's for download and require you to download some software first before you can download their files. But of course it contains a Trojan Horse and you are infected. Infecting Windows has never taken much effort on the part of the spy-ware authors. Especially those types who still run Windows '98. That OS is really insecure. But then again, so is Windows XP SP1. That is very insecure. People assume the Windows XP service pack 2 firewall is secure, but I am sure it is not. Not as secure as a dedicated Smoothwall box. Windows needs to run with more strict permissions and have greater control over which files are writable by the normal user. But that would be too much hassle for the usual Windows users who prefer to run as administrator, since they think they are gods to Computing. Slashdot fan-boys I am looking at you. And yes I am a Slashdot  person but I do not run Windows, and I do not run my computer that way. I run Linux with strict file permissions and a password on sudo. Some people just have it setup to run any command without a password but that is silly indeed. An American man is suing Apple because their Ipod music player can cause cause deafness... Turn down the volume you loser! Americans crack me up when they behave like that.

Can this action be scripted and done automatically?

I am scheduling Shutdown.exe to run thru the task scheduler.  This workaround works fine if a person is logged in, but if it's at the login screen, it will not perform a shutdown.  Aaron, is there a way to make this work for a power user when the computer is at the login screen?

when i want to remotely shut down computers, some computers will work and some computers will not.  It will say "cannot find network path"

Any Ideas?

You might need to put the PC name like \\PCName instead of PCName

Or try pinging the computer name to be sure its connected to the network.

for "shutdown.exe -s -m \\PCName" would work for windows 2000, and windows xp pro, but not for windows xp home. I have not found any info on why XP home has an issue with receiving remote shutdown commands from shutdown.exe

is there another way to shut down the PC if i dont have the "start" button, i cant right click on the desktop and alt+f4 is not allowed?

I tried to add more permissions, and I am still getting access denied.  I have these two machines, that have 2 PC's on each. They are on their own internal networks (Read: Machines not connected to each other). Both use the same logons (With Admin Rights), one machine works, one doesn't.  

The one that doesn't I can't shut down either pc from either PC.

The Shutdown.exe LUA bug appears to also effect how Wake on Lan (WOL) works.  

On my IBM ThinkCenter, shutting down remotely worked both through ctrl-alt-end and choosing shutdown, and through shutdown.exe.

However, the system would not Wake on Lan if it was shutdown with Shutdown.exe.  The workaround listed here has fixed the problem.

THANKS! This is great! Worked for me. I was simply trying to run shutdown.exe from command line from a USERS account. I applied workaround and it worked. So, now I need to know if this workaround can be applied via the REGISTRY or from a VB.NET application? Any info would be greatly appreciated.

I am trying to do the following...

use the WinXP Shutdown.exe on Win2k PC's with users in both AD and non-AD WinNT Domains,

the pc's in AD work, the pc's not in AD do not work.

I am using a shortcut to the shutdown.exe from the users desktop.

Any help appreciated.

chkidd

You know.. making sure that the Simple File Sharing was unchecked allowed me to accomplish the remote shutdown from a different computer on the same LAN.  I tried all sorts of other stuff to get the remote shutdown to work with shutdown.exe but in the end all I had to do is uncheck the use Simple File Sharing option in Folder Options\View\Adavnced Settings window.

Thanks! This seems to work. Where the setting is in the registry?

I have 2 separate networks, both with 2 xp pro boxes running in a workgroup.  Adding the INTERACTIVE account as described and unchecking simple file sharing worked on the first network, but not the second.

I still get "Access Denied" when the first box on the second network attempts to shutdown the second box.

Netbios over TCP/IP is enabled.  They can ping each other.  File sharing works.  No events are captured in the event viewer.

The user accounts on both machines have blank passwords.  Would that cause any issue?

Any other ideas

I have XP Home. According to Help and Support center, simple file sharing cannot be turned off in XP Home edition. How can I remotely shutdown one XP Home computer using shutdown?

I already tried

shutdown -s -m //NAME

and got the error

"The network path was not found."

Thanks!!!

Thats because its \\name  not//

I'm having problems with this too. I have two XP Home computers. I've tried everything I could find (both fiddling and searching the internet) to try to get them to shut each other down. They keep giving me the "the network path was not found" error message. Any help would be appreciated.

mayby because, you are not the adminstrator

Further to Aaron's comment that Remote Shutdown of a XP Home PC is not possible because connecting remotely uses the rights of the Guest account - this is correct.

What is not correct however is the statement that remote shutdown is not possible. The solution lies in granting the Guest account the privilege to access the shutdown.  

To do this you need to use the NtRights.exe file found in the XP Resource Kit, here http://www.microsoft.com/downloads/details.aspx?FamilyID=9D467A69-57FF-4AE7-96EE-B18C4790CFFD&displaylang=en  You need to download the kit from Microsoft. Copy the NtRights.exe program to Windows\system32. Next log-in as an administrator on the box top be shutdown remotely and perform the following commands from a command window:

NtRights –u Guest +r SeRemoteShutdownPrivilege

NtRights –u Guest +r SeShutdownPrivilege

Be careful about the spelling – note there is no ‘t’ in the priv name where you would expect it to read SetRemoteShutdownPrivilege  

See here for a full description of the NtRights.exe program http://support.microsoft.com/kb/279664

Now you should be able to use the shutdown.exe programs from a remote computer. When you do the shutdown message on your XP Home machine will read ‘Shutdown initiated by \\<pc name>Guest’

How am I supposed to copy the NtRights.exe program to Windows\system32?