I would do anything in my power to prevent the accidental shutdown of a critical server. Unfortunately, Windows makes it really easy to accidentally shut down a computer.
Once slip of the wrist would cause you to “Shut down” a machine instead of “Sign out” of it. I’m not perfect, I’ve made that mistake before.
Originally we created a Group Policy Object to control this behavior. It’s pretty easy to set up.
I created a GPO and named it Disable Shut Down Option on Start Menu - Servers, because I only want to control this behavior on servers. I still want my users to be able to shut down their workstations!
Edit that GPO and navigate to
User Configuration -> Policies ->
Administrative Templates -> Start Menu and Taskbar and Enable
the item called Remove and prevent access to the Shut Down, Restart,
Sleep, and Hibernate commands.
Since this policy configures items in User Configuration, this GPO must be linked in an OU that contains users.1
Now this GPO doesn’t distinguish between client and server OS versions yet. To do that, we need to create a WMI Filter. Originally I called this WMI Filer Non-client OSes. I renamed it after I added the query to check if the machine in question is one of my VMs. Since my VMs have a standard naming convention, my two WMI queries looked like this:
SELECT Name FROM Win32_OperatingSystem WHERE ProductType > 1 SELECT Name FROM Win32_ComputerSystem WHERE NOT Name LIKE 'MLJ-VM%'
Based on my research, it’s my understanding that GPO treats multiple
queries like this with an
AND operator. So if the machine is in fact a
server, but the name starts with “
True AND False is
False, so the GPO would not apply. The result on my server-OS VMs is
exactly what I want2:
Of course, you could remove the second query to apply this policy to all non-Client operating systems.
Articles from blogs I follow around the net
It seems like there’s a new trend popping up: Newsletters and paid newsletters. I prefer to read content using a news reader, with which I can subscribe to countless RSS (or JSON) feeds. I can also decide when to consume new content and am not bothered wit…via Posts on jlelse's Blog November 2, 2019
It’s been too long since I last did a good hack, for no practical reason other than great hack value. In my case, these often amount to a nostalgia for an age of computing I wasn’t present for. In a recent bid to capture more of this nostalgia, I recently pi…via Drew DeVault's Blog October 30, 2019
Generated by openring