My colleague often shuts down my machine through the LAN - how do I prevent it?

windows-7 windows security lan shutdown
44,747

Solution 1

You are seeking technical solutions to a social problem and you're trying to address the symptoms instead of the underlying cause. This runs the risk of failure if he finds some other way of shutting down your machine.

Talk to your friend and remind him that you're not pals messing about at university, any more: you're professionals being paid to do a job. His behaviour is completely unacceptable in the workplace. He is deliberately stopping you from doing your job which, ultimately, is putting your job at risk. What happens when your boss calls you in to explain your poor performance? Do you accept the blame and get yourself fired? Or do you blame your friend and get him fired? Friends don't put friends in that situation.

Tell your friend that he needs to stop. Right now. Period. If he doesn't, you're going to have to talk to management.

Solution 2

Run gpedit.msc and try disabling the option as shown below. Restart your PC to see if it works:

enter image description here
Click to enlarge

Solution 3

The policy you want to change is in

Computer Configuration | Windows Settings | Security Settings | Local Policies | User Rights Assignment

Locate the policy named "Force shutdown from a remote system." By default, this policy has a value of Administrators. Just edit it to be an empty list, or put your friendly trusted IT person in there instead.

policy to force shutdown remotely

A note about "Shutdown: Allow system to be shut down without having to log on"

This policy applies to local shutdowns only. That is, it controls whether someone present at the computer can shut it down without having to log on first. By default, this policy is Enabled on workstations, and you can see the shutdown button in the lower right corner of the Windows logon screen.

local shutdown allowed

If you set this policy to Disabled, you will no longer see the shutdown button on the logon screen. A user would have to log on to the computer to shut it down. This is typically how servers are setup.

local shutdown prohibited

This policy does nothing to prevent a remote shutdown. You can try it yourself on a system that you can shutdown remotely. Set this policy to Disabled, and you will still be able to shut down that system.

A note about the Remote Registry service

Disabling the Remote Registry service does not prevent remote shutdowns. Remote Registry only affects the ability of the Shutdown Event Tracker to record the reason for the shutdown. If the reason cannot be recorded, the shutdown still occurs.

Solution 4

This is a simple way to fix this problem without admin privileges.

But still.. Talk to your colleague man. I leave this with the community for any circumstances where disciplinary action is not readily available e.g internet cafe.

Put below code in a new text file. then change .txt extension to .bat

if you do not see the .txt extension go into:

  1. "folder and search options"
  2. uncheck "hide file extensions for known file types".

If win 8.1/8, in the my documents window, click view tab and find the options button.

Shutdown abort CODE, remember to close it when shutting down.

 :start
    cls (clear command prompt window.. Optional)
    @echo Shutting Down Cancel   
    shutdown -a
    TIMEOUT 1
    goto start

The code is not resource intensive for modern computers and won't show up in virus scanners. - caus it's not a virus =D

Solution 5

You can disable this by either disabling the Remote Registry service or removing all other access to shutdown

Disable Remote Registry:

sc config "RemoteRegistry" start= disabled

Shutdown location:

C:\Windows\System32\shutdown.exe

Warnings:

Removing access to shutdown.exe will result in some unexpected results when doing any system tasks which involve resets ect...

As for Remote Registry:

Disabling the RemoteRegistry service will break most patch management solutions including the Software Update Service and Windows Automated Update. If you disable this service, you will have to perform patch management manually

-Brian Groth's Life at Microsoft

Share:
44,747

Related videos on Youtube

BlueBerry - Vignesh4303
Author by

BlueBerry - Vignesh4303

I love to wear redhat,bite some apples and throw it away through windows :)

Updated on September 18, 2022

Comments

  • BlueBerry - Vignesh4303
    BlueBerry - Vignesh4303 over 1 year

    This might sound weird. My colleague and I were working on a Windows machine. He frequently shuts it down through the LAN.

    He usually follows these steps:

    1. Access command prompt, enter shutdown -i.
    2. Choose my IP address, click on Shutdown.
    3. Select a timeout of 2–3 seconds.
    4. Click OK

    Unfortunately, I cannot disable remote access to my computer. Is there a way to prevent this?

    • Thomas
      Thomas over 10 years
      Perhaps you could ask him to stop shutting down your computer remotely as well? It's a waste of company time and resources.
    • Mostafa Hamed
      Mostafa Hamed over 10 years
      We made a game of this in Uni trying to remote shutdown each other's PC. We all got very good at going Win+r 'shutdown -a'
    • Chris
      Chris over 10 years
      With great power comes great responsibility.
    • Ramhound
      Ramhound over 10 years
      Adjust your Windows Firewall settings to prevent this
    • Bleeding Fingers
      Bleeding Fingers over 10 years
      Is he the network admin? Do you have local admin rights? You say "were" so the situation is no more there?
    • Tomas
      Tomas about 10 years
      @Thomas see your point, but isn't it worrying example of stupidity of default Win 7 setup? Anyone can shutdown your machine by default?? Is Microsoft for real?
    • Katerine459
      Katerine459 about 10 years
      You could either ask him to stop, kindly, or less kindly, ask your superior to make him stop, or plug your/his machine off the network. Just, don't break his arms. It's not considered "acceptable retaliation".
    • alexis
      alexis about 10 years
      It's unfortunate that the highest-voted answer, although confirmed by several mods as being on-topic, is now locked and cannot be upvoted; while the technical solution, which many of us obviously believe to be missing the point, is still open for voting. Just saying.
    • BlueBerry - Vignesh4303
      BlueBerry - Vignesh4303 about 10 years
      i am little confused which answer to accept,technically makz answer solves the problem,but david 's answer solves the issue,which to accept :(
    • alexis
      alexis about 10 years
      @BlueBerry, I recommend you accept the one that, in your opinion, gives you the most useful advice. The problem you described has a social aspect, so you're not constrained to "accept" a technical solution. It's your choice. (I think my own preference is clear ;-))
    • Harry Johnston
      Harry Johnston about 10 years
      @Tomas: no, by default you need Administrator privilege to remotely shutdown a computer. Odds are the colleague does indeed have admin privilege, though it's also possible that the machine is configured improperly.
    • Tomas
      Tomas about 10 years
      @HarryJohnston "by default you need Administrator privilege to remotely shutdown a computer." - you mean Administrator privilege on his own machine, not the remote one? That can be anyone! Just bringing his laptop and connecting to the LAN. This is definitely not a safe.
    • Patrick Seymour
      Patrick Seymour about 10 years
      Harry is correct. By default, you need administrator rights on the remote machine, the one being shut down. Some machines are misconfigured, like Harry said, or some companies put everyone in the local admins group. Higher education is notorious for things like this.
    • Harry Johnston
      Harry Johnston about 10 years
      @Tomas: no, you need to be an administrator on the machine you're trying to shut down. I'd have thought that was obvious!
    • MAKZ
      MAKZ about 10 years
      @all is it possible that the colleague sneaked into his pc and created a admin ccount and hid it?
    • BlueBerry - Vignesh4303
      BlueBerry - Vignesh4303 about 10 years
      @MAKZ colleague is not network admin and we both are just domain users
    • slhck
      slhck about 10 years
      @alexis The answer had to be locked to prevent the comments from escalating. It's now unlocked again and we're watching it.
    • Harry Johnston
      Harry Johnston about 10 years
      @BlueBerry-vignesh4303: if your colleague does not have admin credentials on your machine, then there's something wrong with the machine. Non-admin users are not supposed to be able to shut down machines remotely. Get your IT support staff to investigate.
    • Harry Johnston
      Harry Johnston about 10 years
      What does net localgroup Administrators (run from the command line) show?
    • Steam
      Steam about 10 years
      @BlueBerry-vignesh4303 - Why does he do that ? Anyway, thanks for the question. This could be a good prank though.
    • ErikE
      ErikE about 10 years
      Have you considered blackmail?
    • Adam Davis
      Adam Davis about 10 years
      So there's a guy who uses pranks to form relationships with his coworkers. You can either shut him down, or play pranks on him. Have you tried pranking him back? Easy method would be to buy a wireless keyboard and mouse, and put the tiny dongle into his machine. Whenever he shuts down your computer, shut his down, or put a brick on the space bar until your computer comes back up, or send an email, or start his browser and load an annoyingly loud website, or, or, or. Once he removes the dongle, hide a noisemaker around his cube, etc, etc. harmless pranks don't have to be a bad thing.
    • Big McLargeHuge
      Big McLargeHuge about 10 years
      I'd punch him in the face.
    • Mr. Alien
      Mr. Alien about 10 years
      See if this article might help you
  • Patrick Seymour
    Patrick Seymour over 10 years
    The right to shut down without logging on pertains to local console shutdowns. For remote shutdowns, you should go to Local Policies | User Rights Assignment | Force shutdown from a remote system.
  • MAKZ
    MAKZ over 10 years
    @PatrickS. thanks, but for that security setting determines which users are allowed to shut down , and it's default value is Administrators . Apparantly his colleague is not an Administrator to his PC
  • Etheryte
    Etheryte over 10 years
    This is a bad "solution".
  • Ruslan
    Ruslan over 10 years
    Why cls if you have already @echo off?
  • HikeMike
    HikeMike over 10 years
    Since there's been some concern about the non-technical nature of this answer: We discussed a similar case a few years ago on the meta site and the consensus is: While questions need to be technical to be on topic, answers don't. They need to answer the question. Which this one does.
  • frogatto
    frogatto over 10 years
    it seems this a CPU killer!!!, cls in an infinite looooop :D
  • MAKZ
    MAKZ over 10 years
    @Ruslan just run the script with and without cls and see the difference
  • frogatto
    frogatto over 10 years
    @MAKZ shutdown -a > NUL is more efficient than shutdown -a with cls
  • PathToLife
    PathToLife about 10 years
    Well it's here if anyone needs it =P CPU KILLER! =D
  • Tomas
    Tomas about 10 years
    +1 Finaly a real answer. Enjoy the "Good answer" badge.
  • Patrick Seymour
    Patrick Seymour about 10 years
    @MAKZ I didn't see any mention that his colleague is not an admin. Also, it is the case that the policy you mention pertains to local (console) shutdowns. Read the explanation of the policy.
  • Ben
    Ben about 10 years
    And if IT at this company has a legitimate reason to shut down the computer? After pushing a security update, for example?
  • MAKZ
    MAKZ about 10 years
    @PatrickS. the explanation of the policy reads In this case, users must be able to log on to the computer successfully and have the Shut down the system user right before they can perform a system shutdown.
  • MAKZ
    MAKZ about 10 years
    @Ben if the company is an admin to his pc, then they may remote login and then perform remote shutdown. but the coleague is not likely an admin. if the colleague is an admin, he has the same authoruty to remote shutdown as the ccompany has, and he is mis-using it
  • Harry Johnston
    Harry Johnston about 10 years
    If the colleague weren't an admin, he wouldn't be able to shut down the machine remotely (unless the machine is badly misconfigured). The setting you've indicated is completely irrelevant.
  • Patrick Seymour
    Patrick Seymour about 10 years
    @MAKZ Right before that, it talks about the Windows logon screen.
  • Harry Johnston
    Harry Johnston about 10 years
    Note, however, that if you have administrator access, you can bypass this policy if you really want to. It just makes it a little trickier. The bottom line is that if the bad guy has admin to your machine, you've already lost.
  • Patrick Seymour
    Patrick Seymour about 10 years
    @HarryJohnston Not disagreeing, but how is that done? I might need to prevent that in the future, if possible. Maybe I shouldn't ask in public. :)
  • Harry Johnston
    Harry Johnston about 10 years
    When you use shutdown.exe to shut down a remote machine, the first thing it does is to use your account credentials to log into that machine. So while the explanation quoted above is absolutely correct, it isn't relevant to this situation, because the user is logged in.
  • Harry Johnston
    Harry Johnston about 10 years
    Uh ... in this scenario, the other user is running the copy of shutdown.exe on their own machine, not the one on the machine being targeted. So deleting your copy really isn't going to help.
  • Mostafa Hamed
    Mostafa Hamed about 10 years
    @HarryJohnston If you remove your colleague's access to shutdown it work
  • Patrick Seymour
    Patrick Seymour about 10 years
    True. I always worry about telling people how to set policies in a corporate environment. Hate to make a fellow IT geek mad.
  • Mostafa Hamed
    Mostafa Hamed about 10 years
    What's stopping you from walking over to his desk and flipping the AC/DC switch? there is no way of 100% stopping this behaviour
  • Mostafa Hamed
    Mostafa Hamed about 10 years
    I agree this is ineffective as technical solutions to social problems rarely work that well.
  • MAKZ
    MAKZ about 10 years
    that requires sneaking
  • Harry Johnston
    Harry Johnston about 10 years
    @MAKZ: the colleague is using shutdown.exe to shut down the OPs machine. This only works because shutdown.exe uses the colleague's network credentials to log into the OPs machine. So the colleague is logged in.
  • ErikE
    ErikE about 10 years
    Along with this batch file, you should add a step where it checks for an existing pending shutdown initiated by said user, and initiate a shutdown on his machine with a 0 second wait and using the -f switch!
  • Nick T
    Nick T about 10 years
    Stopping one person in this manner may work, but what happens when an anonymous script kiddie happens onto this security hole?
  • David Richerby
    David Richerby about 10 years
    @NickT If the vulnerability is accessible from outside then a technical fix on the OP's machine won't help much, either, since every other machine in the company will need the same fix.
  • user1725145
    user1725145 about 10 years
    +1 for recognising the difference between a technical and a business situation.
  • stefgosselin
    stefgosselin about 10 years
    Yes, it seems logical that social problems are most often better dealt with social counter-actions. (In some cases, not excluding retaliation).
  • Yet Another User
    Yet Another User over 8 years
    This could be avoided by psexec'ing most likely.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Windows 7 keep computer from idling
How to turn off all secure protection of Windows 7?
Block access to a website via http, but not https, via etc/hosts?
Are the losses of resetting a Windows password reversible?
Turn on laptop with a mouse or keyboard
Windows-7 system files integrity
How to unlock Windows 7 screen using script
Any folder copied to my Flash/memory card becomes a shortcut?
How to quickly Enable/Disable Internet Traffic so that it ONLY goes to ONE program?
Why does this message 'Your internet security settings prevented one or more files from being opened' pop up?