
In my college, we use Microsoft Server 2008, and each student has their own account.

In my class, students discovered that they can remotely shut down each other's PCs using cmd (the fact that we have sufficient permission to do this is an issue for another day).

To prevent this inconvenience, I wrote a batch file with the following command:

```bat
shutdown /a
```

and now I'm trying to schedule it for the shutdown event with no success. So my question is: Is there a way to make this batch file run any time somebody attempts to shut down my PC remotely?

If this is impossible, then I'll have to write a Java program that continuously checks if shutdown.exe is running and if it is, aborts it.

Vinayak
Dziugas
  • Lol. Reminds me of my college days. We used to have this 'problem' where every computer in the lab had a local Administrator account with the same password since they were cloned. Needless to say, someone got hold of the SAM file and cracked the password and would use it to execute remote shutdowns. – Vinayak Dec 06 '14 at 15:48
  • You can try changing your user (and local Administrator) password with the `net user ` command and see if that helps. If not, they might be a domain administrator and you're screwed if that's the case. You could disconnect from the network (if you have the necessary permissions to do that) or simply pull out the Ethernet cable. – Vinayak Dec 06 '14 at 15:55
  • I'm not sure if this will work, and I can't test it. But I would prevent shutdown.exe from running. You can do this in the registry. See http://www.howtogeek.com/180803/how-to-block-an-application-or-.exe-from-running-in-windows/ – LPChip Dec 06 '14 at 16:12
  • @LPChip Even if shutdown.exe can be prevented from running, the perps can still use third party tools like [PsExec](http://technet.microsoft.com/en-in/sysinternals/bb897553.aspx) or [PsShutdown](http://technet.microsoft.com/en-in/sysinternals/bb897541.aspx) to initiate a shutdown. Although I don't consider PsExec or PsShutdown as 'third party' software since they're developed by Sysinternals, which is now a part of Microsoft. – Vinayak Dec 06 '14 at 16:17
  • @Vinayak true, but if you go this far, it is simply not possible to block the shutdown, because these commands will initiate the shutdown using a different user, which is outside your scope and cannot be detected either. – LPChip Dec 06 '14 at 17:38
  • @LPChip The only viable solution is to prevent remote users from having local administrative privileges [as suggested by Skyhawk at Server Fault](http://serverfault.com/a/345347/218766) – Vinayak Dec 06 '14 at 18:28

1 Answer


If you don't mind having a cmd window open all the time:

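```bat
@echo off
rem Keep aborting any pending shutdown in an endless loop.
:nope
rem /a aborts a shutdown that is still counting down.
shutdown /a
goto :nope
```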

(put in a .bat file).

Or another trick: always have an unsaved Word document open with some text in it. Windows will ask if you want to force shutdown. Click Cancel and you can go on.

If nothing else helps and you are an administrator on your PC then try this: Disable remote shutdown on Windows 8.1

noahp78
  • This doesn't always work. And they can easily force a shutdown with the `/F` switch by using the command `shutdown -s -f -t 00` – Vinayak Dec 06 '14 at 15:58
  • @noahp78 My favourite solution (the infinite abort loop) because it doesn't require disconnecting from the network and I don't want to be further inconvenienced! – Dziugas Dec 06 '14 at 16:05
  • @Vinayak When you say it doesn't always work, are you referring to the batch file solution or the 'open word document' solution? – Dziugas Dec 06 '14 at 16:07
  • Both. The 'open word document' workaround is easily bypassed with the `/F` switch. And the infinite loop batch file sometimes isn't fast enough or the perps could simply do a `taskkill /F /IM cmd.exe` before running `shutdown -s -f -t 00` – Vinayak Dec 06 '14 at 16:09
  • @Dziugas The **only** solution is to make sure they can't remotely execute commands on your computer. They can't do that without Administrator privileges, so you change the admin password. However, if you can't do that because you're either running as a standard user or they are a [Domain Administrator](http://technet.microsoft.com/en-in/library/cc756898%28v=ws.10%29.aspx) then all you can really do is disconnect from the network. – Vinayak Dec 06 '14 at 16:13
  • @Vinayak Changing a local admin password wouldn't help, as they still have admin access. Seeing that this is a school network they likely have an Active Directory. (So Admins are also Domain Administrators). In this situation the third solution may work – noahp78 Dec 06 '14 at 16:17
  • @noahp78 I haven't tried the last solution and I have no means to do so but it is worth a shot. – Vinayak Dec 06 '14 at 16:29
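
The comments above converge on the point that a remote shutdown depends on who holds administrative rights on the target PC. As an added example (not from any poster in this thread), the following PowerShell audit lists who holds the "Force shutdown from a remote system" right (`SeRemoteShutdownPrivilege`), who is in the local Administrators group, and which account initiated recent shutdowns (System log, Event ID 1074). It assumes an elevated prompt and an English-language group name.

```powershell
# Added example: audit who can shut this PC down remotely, and who recently did.
# Assumption: run from an elevated PowerShell prompt on the affected PC.

# 1. Export user-rights assignments and read "Force shutdown from a remote system".
$cfg = Join-Path $env:TEMP 'user_rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$line = Select-String -Path $cfg -Pattern '^SeRemoteShutdownPrivilege\s*=' |
        Select-Object -First 1
Remove-Item $cfg -ErrorAction SilentlyContinue

if ($line) {
    $holders = ($line.Line -split '=', 2)[1].Split(',') | ForEach-Object { $_.Trim() }
    foreach ($h in $holders) {
        # Entries are either "*<SID>" or a plain account name; resolve SIDs to names.
        if ($h.StartsWith('*')) {
            $sid = New-Object System.Security.Principal.SecurityIdentifier($h.TrimStart('*'))
            try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $name = '(unresolved SID)' }
        } else {
            $name = $h
        }
        '{0,-50} {1}' -f $h, $name
    }
} else {
    'SeRemoteShutdownPrivilege is not assigned to any account.'
}

# 2. Members of the local Administrators group hold that right by default,
#    so unexpected entries here (for example a broad domain group) are the root cause.
#    Assumption: the group is named "Administrators" (English-language Windows).
net localgroup Administrators

# 3. Event ID 1074 records the process and user account that initiated each
#    shutdown or restart, which identifies the account to take to the lab admin.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 1074 } -MaxEvents 20 `
             -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message |
    Format-List
```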