Answer for:

stopping "shutdown.exe"

Message 4 of 8

View entire thread
0 Votes

This solution is not the most elegant out there, but it does the job.

First create a Security group for everyone that should not be allowed to use shutdown.exe.

Then create a new GPO (or modify an existing one), Drill down to Computer configuration - windows settings - security settings - File system. Select add file and locate shutdown.exe (Usually c:\windows\system32\shutdown.exe ) then add the security group you just created and set "read and execute" permissions to deny.

The GPO will need to be applied on all computer OUs or on a domain level to make sure it applies to all systems.

This will allow everyone to still shutdown or reboot from the start menu, but not run shutdown.exe on remote systems.