Re: who initiate a shutdown ?

From: Karl Levinson [x y] mvp (
Date: 02/11/03

From: "Karl Levinson [x y] mvp" <>
Date: Mon, 10 Feb 2003 20:37:04 -0500

I agree:

Of course if you use shared login IDs where more than one user knows the
password, you may have a hard time telling who is really doing it.

Also, the person doing the shutdowns is probably in the local Administrators
group on the machine in question, and Admininstrators can potentially delete
any log or remove any auditing that you set up. It's hard to restrict an
Administrator... much better to determine who REALLY needs the Administrator

"Keith W. McCammon" <> wrote in message
> Audit, audit. audit!
> --
> Keith W. McCammon
> "Pierre Bru" <> wrote in message
> > hello,
> >
> > is it possible to log the username (and machine in case of a remote
> > shutdown request) of the person who initiated a shutdown on a machine ?
> >
> > TIA,
> > Pierre.
> >

Relevant Pages

  • RE: Script or Other Method to Reboot
    ... > We need different privileges when using Shutdown command and shutdown the ... > that only administrator will use command to shutdown the computers. ... > we may need to compile the script. ...
  • Re: asked to activate, unable to get to activation screen
    ... > The user that auto-logged in when booting up was the non-admin. ... dialog said needed to have administrator activate. ... > activate, unable to shutdown, in un-ending activation purgatory. ...
  • Re: WinXP Pro and prevent SHUTDOWN.EXE remote shutdown
    ... Look you local security policy. ... Force shutdown from remote systems ... possible the local administrator account.) ... > How can I prevent the usage of the remote shutdown on my WinXP Pro SP2 ...
  • Re: how to create a user with only shutdown rights
    ... > can there be a user with only shutdown rights who can shutdown the ... Well, only administrators can unlock a server, so if this is possible, this ... without making them an administrator, ... Task Scheduler permissions to non-administrators. ...
  • Re: changing audit-options
    ... I even try by logging on as the local administrator but - alas - the ... >> Control Panel/Administrative Tools/Local Security Policy ...under Local ... >> Policies select Audit Policy and double click on Audit account logon ...