My colleague often shuts down my machine through the LAN - how do I prevent it?
Solution 1
You are seeking technical solutions to a social problem and you're trying to address the symptoms instead of the underlying cause. This runs the risk of failure if he finds some other way of shutting down your machine.
Talk to your friend and remind him that you're not pals messing about at university, any more: you're professionals being paid to do a job. His behaviour is completely unacceptable in the workplace. He is deliberately stopping you from doing your job which, ultimately, is putting your job at risk. What happens when your boss calls you in to explain your poor performance? Do you accept the blame and get yourself fired? Or do you blame your friend and get him fired? Friends don't put friends in that situation.
Tell your friend that he needs to stop. Right now. Period. If he doesn't, you're going to have to talk to management.
Solution 2
Run gpedit.msc and try disabling the option as shown below. Restart your PC to see if it works:
Solution 3
The policy you want to change is in
Computer Configuration | Windows Settings | Security Settings | Local Policies | User Rights Assignment
Locate the policy named "Force shutdown from a remote system." By default, this policy has a value of Administrators
. Just edit it to be an empty list, or put your friendly trusted IT person in there instead.
A note about "Shutdown: Allow system to be shut down without having to log on"
This policy applies to local shutdowns only. That is, it controls whether someone present at the computer can shut it down without having to log on first. By default, this policy is Enabled on workstations, and you can see the shutdown button in the lower right corner of the Windows logon screen.
If you set this policy to Disabled, you will no longer see the shutdown button on the logon screen. A user would have to log on to the computer to shut it down. This is typically how servers are setup.
This policy does nothing to prevent a remote shutdown. You can try it yourself on a system that you can shutdown remotely. Set this policy to Disabled, and you will still be able to shut down that system.
A note about the Remote Registry service
Disabling the Remote Registry service does not prevent remote shutdowns. Remote Registry only affects the ability of the Shutdown Event Tracker to record the reason for the shutdown. If the reason cannot be recorded, the shutdown still occurs.
Solution 4
This is a simple way to fix this problem without admin privileges.
But still.. Talk to your colleague man. I leave this with the community for any circumstances where disciplinary action is not readily available e.g internet cafe.
Put below code in a new text file. then change .txt extension to .bat
if you do not see the .txt extension go into:
- "folder and search options"
- uncheck "hide file extensions for known file types".
If win 8.1/8, in the my documents window, click view tab and find the options button.
Shutdown abort CODE, remember to close it when shutting down.
:start
cls (clear command prompt window.. Optional)
@echo Shutting Down Cancel
shutdown -a
TIMEOUT 1
goto start
The code is not resource intensive for modern computers and won't show up in virus scanners. - caus it's not a virus =D
Solution 5
You can disable this by either disabling the Remote Registry service or removing all other access to shutdown
Disable Remote Registry:
sc config "RemoteRegistry" start= disabled
Shutdown location:
C:\Windows\System32\shutdown.exe
Warnings:
Removing access to shutdown.exe will result in some unexpected results when doing any system tasks which involve resets ect...
As for Remote Registry:
Disabling the RemoteRegistry service will break most patch management solutions including the Software Update Service and Windows Automated Update. If you disable this service, you will have to perform patch management manually
Related videos on Youtube
BlueBerry - Vignesh4303
I love to wear redhat,bite some apples and throw it away through windows :)
Updated on September 18, 2022Comments
-
BlueBerry - Vignesh4303 over 1 year
This might sound weird. My colleague and I were working on a Windows machine. He frequently shuts it down through the LAN.
He usually follows these steps:
- Access command prompt, enter
shutdown -i
. - Choose my IP address, click on Shutdown.
- Select a timeout of 2–3 seconds.
- Click OK
Unfortunately, I cannot disable remote access to my computer. Is there a way to prevent this?
-
Thomas over 10 yearsPerhaps you could ask him to stop shutting down your computer remotely as well? It's a waste of company time and resources.
-
Mostafa Hamed over 10 yearsWe made a game of this in Uni trying to remote shutdown each other's PC. We all got very good at going Win+r 'shutdown -a'
-
Chris over 10 yearsWith great power comes great responsibility.
-
Ramhound over 10 yearsAdjust your Windows Firewall settings to prevent this
-
Bleeding Fingers over 10 yearsIs he the network admin? Do you have local admin rights? You say "were" so the situation is no more there?
-
Tomas about 10 years@Thomas see your point, but isn't it worrying example of stupidity of default Win 7 setup? Anyone can shutdown your machine by default?? Is Microsoft for real?
-
Katerine459 about 10 yearsYou could either ask him to stop, kindly, or less kindly, ask your superior to make him stop, or plug your/his machine off the network. Just, don't break his arms. It's not considered "acceptable retaliation".
-
alexis about 10 yearsIt's unfortunate that the highest-voted answer, although confirmed by several mods as being on-topic, is now locked and cannot be upvoted; while the technical solution, which many of us obviously believe to be missing the point, is still open for voting. Just saying.
-
BlueBerry - Vignesh4303 about 10 yearsi am little confused which answer to accept,technically makz answer solves the problem,but david 's answer solves the issue,which to accept :(
-
alexis about 10 years@BlueBerry, I recommend you accept the one that, in your opinion, gives you the most useful advice. The problem you described has a social aspect, so you're not constrained to "accept" a technical solution. It's your choice. (I think my own preference is clear ;-))
-
Harry Johnston about 10 years@Tomas: no, by default you need Administrator privilege to remotely shutdown a computer. Odds are the colleague does indeed have admin privilege, though it's also possible that the machine is configured improperly.
-
Tomas about 10 years@HarryJohnston "by default you need Administrator privilege to remotely shutdown a computer." - you mean Administrator privilege on his own machine, not the remote one? That can be anyone! Just bringing his laptop and connecting to the LAN. This is definitely not a safe.
-
Patrick Seymour about 10 yearsHarry is correct. By default, you need administrator rights on the remote machine, the one being shut down. Some machines are misconfigured, like Harry said, or some companies put everyone in the local admins group. Higher education is notorious for things like this.
-
Harry Johnston about 10 years@Tomas: no, you need to be an administrator on the machine you're trying to shut down. I'd have thought that was obvious!
-
MAKZ about 10 years@all is it possible that the colleague sneaked into his pc and created a admin ccount and hid it?
-
BlueBerry - Vignesh4303 about 10 years@MAKZ colleague is not network admin and we both are just domain users
-
slhck about 10 years@alexis The answer had to be locked to prevent the comments from escalating. It's now unlocked again and we're watching it.
-
Harry Johnston about 10 years@BlueBerry-vignesh4303: if your colleague does not have admin credentials on your machine, then there's something wrong with the machine. Non-admin users are not supposed to be able to shut down machines remotely. Get your IT support staff to investigate.
-
Harry Johnston about 10 yearsWhat does
net localgroup Administrators
(run from the command line) show? -
Steam about 10 years@BlueBerry-vignesh4303 - Why does he do that ? Anyway, thanks for the question. This could be a good prank though.
-
ErikE about 10 yearsHave you considered blackmail?
-
Adam Davis about 10 yearsSo there's a guy who uses pranks to form relationships with his coworkers. You can either shut him down, or play pranks on him. Have you tried pranking him back? Easy method would be to buy a wireless keyboard and mouse, and put the tiny dongle into his machine. Whenever he shuts down your computer, shut his down, or put a brick on the space bar until your computer comes back up, or send an email, or start his browser and load an annoyingly loud website, or, or, or. Once he removes the dongle, hide a noisemaker around his cube, etc, etc. harmless pranks don't have to be a bad thing.
-
Big McLargeHuge about 10 yearsI'd punch him in the face.
-
Mr. Alien about 10 yearsSee if this article might help you
- Access command prompt, enter
-
Patrick Seymour over 10 yearsThe right to shut down without logging on pertains to local console shutdowns. For remote shutdowns, you should go to Local Policies | User Rights Assignment | Force shutdown from a remote system.
-
MAKZ over 10 years@PatrickS. thanks, but for that security setting
determines which users are allowed to shut down
, and it's default value isAdministrators
. Apparantly his colleague is not an Administrator to his PC -
Etheryte over 10 yearsThis is a bad "solution".
-
Ruslan over 10 yearsWhy
cls
if you have already@echo off
? -
HikeMike over 10 yearsSince there's been some concern about the non-technical nature of this answer: We discussed a similar case a few years ago on the meta site and the consensus is: While questions need to be technical to be on topic, answers don't. They need to answer the question. Which this one does.
-
frogatto over 10 yearsit seems this a CPU killer!!!,
cls
in an infinite looooop :D -
MAKZ over 10 years@Ruslan just run the script with and without
cls
and see the difference -
frogatto over 10 years@MAKZ
shutdown -a > NUL
is more efficient thanshutdown -a
withcls
-
PathToLife about 10 yearsWell it's here if anyone needs it =P CPU KILLER! =D
-
Tomas about 10 years+1 Finaly a real answer. Enjoy the "Good answer" badge.
-
Patrick Seymour about 10 years@MAKZ I didn't see any mention that his colleague is not an admin. Also, it is the case that the policy you mention pertains to local (console) shutdowns. Read the explanation of the policy.
-
Ben about 10 yearsAnd if IT at this company has a legitimate reason to shut down the computer? After pushing a security update, for example?
-
MAKZ about 10 years@PatrickS. the explanation of the policy reads
In this case, users must be able to log on to the computer successfully and have the Shut down the system user right before they can perform a system shutdown.
-
MAKZ about 10 years@Ben if the company is an admin to his pc, then they may remote login and then perform remote shutdown. but the coleague is not likely an admin. if the colleague is an admin, he has the same authoruty to remote shutdown as the ccompany has, and he is mis-using it
-
Harry Johnston about 10 yearsIf the colleague weren't an admin, he wouldn't be able to shut down the machine remotely (unless the machine is badly misconfigured). The setting you've indicated is completely irrelevant.
-
Patrick Seymour about 10 years@MAKZ Right before that, it talks about the Windows logon screen.
-
Harry Johnston about 10 yearsNote, however, that if you have administrator access, you can bypass this policy if you really want to. It just makes it a little trickier. The bottom line is that if the bad guy has admin to your machine, you've already lost.
-
Patrick Seymour about 10 years@HarryJohnston Not disagreeing, but how is that done? I might need to prevent that in the future, if possible. Maybe I shouldn't ask in public. :)
-
Harry Johnston about 10 yearsWhen you use
shutdown.exe
to shut down a remote machine, the first thing it does is to use your account credentials to log into that machine. So while the explanation quoted above is absolutely correct, it isn't relevant to this situation, because the user is logged in. -
Harry Johnston about 10 yearsUh ... in this scenario, the other user is running the copy of
shutdown.exe
on their own machine, not the one on the machine being targeted. So deleting your copy really isn't going to help. -
Mostafa Hamed about 10 years@HarryJohnston If you remove your colleague's access to shutdown it work
-
Patrick Seymour about 10 yearsTrue. I always worry about telling people how to set policies in a corporate environment. Hate to make a fellow IT geek mad.
-
Mostafa Hamed about 10 yearsWhat's stopping you from walking over to his desk and flipping the AC/DC switch? there is no way of 100% stopping this behaviour
-
Mostafa Hamed about 10 yearsI agree this is ineffective as technical solutions to social problems rarely work that well.
-
MAKZ about 10 yearsthat requires sneaking
-
Harry Johnston about 10 years@MAKZ: the colleague is using
shutdown.exe
to shut down the OPs machine. This only works becauseshutdown.exe
uses the colleague's network credentials to log into the OPs machine. So the colleague is logged in. -
ErikE about 10 yearsAlong with this batch file, you should add a step where it checks for an existing pending shutdown initiated by said user, and initiate a shutdown on his machine with a 0 second wait and using the -f switch!
-
Nick T about 10 yearsStopping one person in this manner may work, but what happens when an anonymous script kiddie happens onto this security hole?
-
David Richerby about 10 years@NickT If the vulnerability is accessible from outside then a technical fix on the OP's machine won't help much, either, since every other machine in the company will need the same fix.
-
user1725145 about 10 years+1 for recognising the difference between a technical and a business situation.
-
stefgosselin about 10 yearsYes, it seems logical that social problems are most often better dealt with social counter-actions. (In some cases, not excluding retaliation).
-
Yet Another User over 8 yearsThis could be avoided by psexec'ing most likely.