deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-21 13:23:36 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Acro boost edits

Browse Source
This commit is contained in:
jborsecnik
2020-11-05 10:03:18 -08:00
parent ef3e66649f
commit 6e2ab13e24
1 changed files with 16 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md
View File

@ -17,35 +17,36 @@ ms.topic: conceptual
ms.date: 04/19/2017 ms.date: 04/19/2017
--- ---
# Shutdown: Allow system to be shut down without having to log on # Shutdown: Allow system to be shut down without having to sign in
**Applies to** **Applies to**
- Windows 10 - Windows 10
Describes the best practices, location, values, policy management and security considerations for the **Shutdown: Allow system to be shut down without having to log on** security policy setting. Describes the best practices, location, values, policy management, and security considerations for the **Shutdown: Allow system to be shut down without having to log on** security policy setting.
## Reference ## Reference
This policy setting determines whether a device can be shut down without having to log on to Windows. If you enable this policy setting, the **Shut Down** option is available on the logon screen in Windows. If you disable this policy setting, the **Shut Down** option is removed from the logon screen. This configuration requires that users are able to log on to the device successfully and that they have the **Shut down the system** user right before they can perform a shutdown. This policy setting determines whether you can shut down a device without having to sign in to Windows. When you enable it, the **Shut Down** option is available on tthe sign-in screen in Windows. If you disable this setting, the **Shut Down** option is removed from the screen. To use the option, the user must sign in on the device successfully and have the **Shut down the system** user right.
Users who access the console locally can shut down the system. Attackers or misguided users can connect to the server by using Remote Desktop Services, and then shut it down or restart it without having to identify themselves. A malicious user might also cause a temporary denial-of-service
condition from a local console by restarting or shutting down the server.
Users who can access the console locally can shut down the system. Attackers or misguided users can connect to the server by using Remote Desktop Services, and then shut it down or restart it without having to identify themselves. A malicious user might also cause a temporary denial-of-service
condition by walking up to the local console and restarting the server, or shutting down the server and thus rendering unavailable all its applications and services.
### Possible values ### Possible values
- Enabled - Enabled
The shut down command is available on the logon screen. The shutdown command is available on the sign-in screen.
- Disabled - Disabled
The shut down option is removed from the logon screen and users must have the **Shut down the system** user right before they can perform a shutdown. The shut down option is removed from the sign-in screen. Users must have the **Shut down the system** user right to do a shutdown.
- Not defined - Not defined
### Best practices ### Best practices
1. On servers, set this policy to **Disabled**. You must log on to servers to shut them down or restart them. 1. On servers, set this policy to **Disabled**. You must sign in to servers to shut down or restart them.
2. On client devices, set this policy to **Enabled** and define the list of those with the right to shut them down or restart them with the User Rights Assignment policy **Shut down the system**. 2. On client devices, set this policy to **Enabled** and define the list of user with the right to shut them down or restart them with the User Rights Assignment policy **Shut down the system**.
### Location ### Location
@ -78,7 +79,10 @@ For info about the User Rights Assignment policy, **Shut down the system**, see
## Security considerations ## Security considerations
This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation. This section describes:
- How an attacker might exploit a feature or its configuration.
- How to implement the countermeasure.
- Possible negative consequences of countermeasure implementation.
### Vulnerability ### Vulnerability
@ -92,8 +96,8 @@ Disable the **Shutdown: Allow system to be shut down without having to log on**
### Potential impact ### Potential impact
You must log on to servers to shut them down or restart them. You must sign in on servers to shut them down or restart them.
## Related topics ## Related articles
- [Security Options](security-options.md) - [Security Options](security-options.md)