0
Say, if I want to shut down a remote computer 2 from my computer 1 using a tool like shutdown.exe. I keep reading that this requires SeRemoteShutdownPrivilege. What I am not clear about is which computer needs it, local computer 1 or remote computer 2 that is being shut down?
c00000fd
Posted 2018-12-14T22:42:08.827
Reputation: 339
1
From your link : "User" Right: Force shutdown from a remote system."
So it would be the user that performs the privileged shutdown.
Moab
Posted 2018-12-14T22:42:08.827
Reputation: 54 203
0
There is a better description of SeRemoteShutdownPrivilege in the Microsoft
article
Force shutdown from a remote system:
This security setting determines which users are allowed to shut down a device from a remote location on the network. This allows members of the Administrators group or specific users to manage computers (for tasks such as a restart) from a remote location.
The permission then needs to be granted on the computer that is to be shutdown remotely. The account that is used is the local account that corresponds to the remote account that will issue the shutdown request.
This is only logical, since otherwise any remote account that has this permission will be able to shutdown any computer on the local network.
The situation is clearer in a domain, when the remote user is logged-in using a domain account that will be recognized on the target computer.
harrymc
Posted 2018-12-14T22:42:08.827
Reputation: 306 093
Well, you see my confusion. You are pretty much contradicting all other answers posted above. So now, which one is it? I kinda followed your logic originally, and it does make sense in case of the domain accounts being used here. But what is confusing is when you have mere workstations involved. If it's the computer that is being shutdown, two questions arise: 1) how would that remote account be known on the other workstation when shutdown is issued to verify this permission? and 2) What process on the remote system that is shutdown do I need to give SeRemoteShutdownPrivilege permission to? – c00000fd – 2018-12-15T20:20:07.307
I wrote this answer because the others seemed incorrect. 1) The remote account is known by its network credentials or by the identity it assumes on the target computer, 2) This is a property of the effective local/domain account on the target computer under which executes the process. The remote process presents credentials to the target which identify an account, local to the target or domain, that must have this permission. – harrymc – 2018-12-15T21:03:15.227
1The user who performed the action – Ramhound – 2018-12-14T22:51:58.710
@Ramhound: Thanks. I guess a process performing a remote shutdown cannot grant
SeRemoteShutdownPrivilegeto itself, so it had be done viasecpol, right? – c00000fd – 2018-12-14T23:30:32.453