Is there a way to stop the shutdown.exe from being run from the cmd line on workstations?
I.e. the problem is "students" open either WordPad or Notepad, write "command.com", then save as .bat and run it.
It opens the cmd prompt box where they are able to call up the "shutdown.exe" and surf the network to shut computers remotely.
System is Winserver 2003 & students are in a separate GPO to other users + they use login bats, so blocking .bat is out.
Question
0
Votes
stopping "shutdown.exe"
Updated - 9th Jun 2007
Answers (3)
0
Votes
Did you find an answer?
Hi there, sorry to open an old topic, but I'm having a similar problem..
In this case, I wanna prevent users from running .bat files (they create these with Notepad)..
We have a mixed PC environment (XP/2K) and Server 2k3 .. so using the software restriction policies from the AD only works for XP but not for the 2k PCs..
I already 'disabled the command prompt', also enabled the 'don't run specified win apps'.. but since it's a .bat file.. they still have access to the command prompt..
I could use the reg editor, but since we have so many in different buildings.. I was wondering if there's a way to prevent bat files from being run from the user account (they're limited accounts)..
any help would be appreciated.
thanks
21st Feb 2008
Replies
No real way as of yet, but I did notice that if the users have just "user rights" the policies in Server 2003 do stop them. But once the user has "domain user" rights on the local machine it overwrites the policy.
mark_williams@...
22nd Feb 2008
0
Votes
Can you remove shutdown.exe from the system?
I never tried this myself.
Even better, replace shutdown.exe with another executable....so if you use something like bat2exe or perl2exe and create a 'shutdown.exe' that is actually running 'logevent.exe' which logs the user-id and machine name to the server (of the miscreant who was trying to run shutdown).
21st Feb 2008
Replies
Did try this, no go though.
Windoz rebuilds the .exe @ reboot or start up.
So @ first thought the "replace" shutdown.exe will not happen. But will try and edit it, and get back to you.
mark_williams@...
22nd Feb 2008
0
Votes
One solution
This solution is not the most elegant out there, but it does the job.
First create a security group for everyone that should not be allowed to use shutdown.exe.
Then create a new GPO (or modify an existing one) and drill down to Computer Configuration - Windows Settings - Security Settings - File System. Select "Add File" and locate shutdown.exe (usually c:\windows\system32\shutdown.exe), then add the security group you just created and set "read and execute" permissions to deny.
The GPO will need to be applied on all computer OUs or on a domain level to make sure it applies to all systems.
This will allow everyone to still shut down or reboot from the start menu, but not run shutdown.exe on remote systems.
21st Feb 2008
Replies
Looks OK, will give it a bash.
One thing though.
The system runs a scheduled task using a .bat file to run a remote shutdown command on all computers site wide. 70+ comps.
If I remember correctly (Saturday morning here) it uses shutdown.exe.
mark_williams@...
22nd Feb 2008
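A way to check that the deny entry from the "One solution" answer above has actually reached each workstation, as an added example that is not part of the original thread. The group name and computer names are placeholders; it assumes PowerShell 2.0 or later and an account with administrative access to the target machines.

```powershell
# Added example: confirm the Deny "Read & execute" entry from the GPO is on
# shutdown.exe. Run from an admin workstation, not as one of the denied users.
$DeniedGroup = 'EXAMPLE\NoShutdownExe'   # placeholder group name (assumption)
$Computers   = 'LAB-PC01', 'LAB-PC02'    # placeholder workstation names (assumption)

# Bit mask for "Read & execute" as stored in a file ACE
$needed = [int][System.Security.AccessControl.FileSystemRights]::ReadAndExecute

function Test-ShutdownDeny {
    param([string]$Computer, [string]$Group)

    # admin$ is the remote machine's %SystemRoot% share
    $path = "\\$Computer\admin`$\system32\shutdown.exe"
    try {
        $acl    = Get-Acl -Path $path -ErrorAction Stop
        $status = 'Missing'
        foreach ($ace in $acl.Access) {
            $isDeny  = $ace.AccessControlType -eq 'Deny'
            $isGroup = $ace.IdentityReference.Value -eq $Group
            # The ACE must deny every bit of Read & execute, not just part of it
            $covers  = ([int]$ace.FileSystemRights -band $needed) -eq $needed
            if ($isDeny -and $isGroup -and $covers) { $status = 'DenyPresent' }
        }
    }
    catch {
        # Machine offline, share unreachable, or access refused
        $status = "Error: $($_.Exception.Message)"
    }
    New-Object PSObject -Property @{ Computer = $Computer; Path = $path; Status = $status }
}

$Computers | ForEach-Object { Test-ShutdownDeny -Computer $_ -Group $DeniedGroup } |
    Format-Table Computer, Status, Path -AutoSize
```

A machine reporting `Missing` has not processed the GPO or sits outside its scope. Because a deny entry applies to every member of the group, the account that runs the site-wide scheduled shutdown has to stay out of it.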
Might be an idea to run Shared Toolkit or, if you have XP on all the PCs, Steady State.
Benefits include not allowing computers to be shut down or restarted.
Removing any application you want, not allowing them access to network unless mapped! No access to Explorer, only access to My Computer that only lists removable storage!
The computer always restarts from an image.
ComputerCookie
22nd Feb 2008

































