Here I just want to show a behavior difference between Windows Server 2008 R2 (or R2 SP1) and Windows Server 2012, and ask if you would prefer to retrieve a 2008 R2 behavior, or keep the new WS 2012 one.
The feature we want to achieve is: -allow datacenter technician to reboot/shutdown a server without logging in, either in physical access or KVM access. and -prevent end-user to reboot/shutdown a server without logging in, from a RDP session. We use the following local policy, set with gpedit.msc: “Shutdown: Allow system to be shut down without having to log on”, which is located at Computer Configuration>Windows Settings>Security Settings>Local Policies>Security Options
Let’s show images with RDP view of the logon console, with then without policy disabled – and then the similar KVM views:
PS credits to online for providing ad-hoc servers and KVMs, and OVH to report the issue first-hand.