I have a very powerful PC that is capable of running several environments.
This computer is running Windows Server 2008 R2 with Hyper-V feature
I want to allow a user to physically use the computer while Hyper-V is running, to do so I created another user account.
Is there any option to disable, restart or shutdown and still let the user have admin privileges?
Are there any other possibilities that I can do with the situation? Or other options?
Mathias suggest the correct action but with incorrect parameters.
Open secpol.msc and navigate to Security Settings - Local Policies - User Rights Assignment:
Find the 'Shut down the system' policy which determines who can shut down the server.
There are two entries in there on a 2008R2 Server: Administators and 'Backup Operators'.
Because you want to keep the user in the administators group, you need to remove that group but add another group or users who should still be able to shut down the server.
The problem with the user still being an administator is that he can just open secpol.msc and just add himself back to the 'Shut down the system' policy.
So you would need to prevent him from using the Local Group Policies, which may be possible but may also break other things he should be able to do as an administrator.
Open the Local Security Policy on the machine (Run -> secpol.msc).
Navigate to:
Select Shut down the system.
Remove Users from the list of security principals.
Now, only a member of the local Administrators group can shut down the machine.
