
Disable option for terminal server user to restart server


CJD138


Hi there, I am new to this forum and not sure if this has been asked before, so please forgive me if it has.

We have a 2003 terminal server set up which is running ESET Endpoint Antivirus v5.0.2229.1 on it. We have had an issue where a user received an infected email and was prompted by ESET to restart the machine to remove the infection. The user accepted the offer, not realising it would affect other terminal server users.

 

I was hoping someone could point me in the right direction to prevent users from being able to restart the terminal server in this situation but instead have the administrator informed of the problem.

 

Thanks in advance for any help.

 

Colin.


So all the users that log in to your terminal server have administrative privileges?

If so, this is not a great idea, and I don't recommend it unless you absolutely have to.

It is also a security risk.

By default, non-administrative Terminal Services users do not have computer restart privileges.

- Source: TechNet - hxxp://technet.microsoft.com/en-us/library/cc720539%28v=ws.10%29.aspx

 

I am working on a solution.

You may be able to do this through the Local Security Policy, which would conclude by adding whatever account ESET uses to initiate a restart, and ensuring it does not have the restart capability, while still maintaining elevation for fighting malware and interacting with crucial Windows services and files etc.

I am not entirely sure, but I thought the Remote Administrator Console for ESET had the option of either suppressing user restarts or similar to assist with these situations as well.

Another solution would be to remove the Endpoint Antivirus and install File Security, then lock down ALL the settings with a master password. I think that may prevent restarts too.

Edited by Arakasi
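
An added example, not part of the original thread: a PowerShell check of the two conditions the reply above raises, namely who is in the local Administrators group and which accounts hold the "Shut down the system" right (SeShutdownPrivilege) in Local Security Policy. It assumes PowerShell 2.0 or later is installed on the server, an English-language group name, and an administrator prompt; the temp file name is arbitrary.

```powershell
# Added example (not from the thread): audit who can restart this terminal server.
# Assumes PowerShell 2.0+ and an administrator prompt.

# 1. Members of the local Administrators group (administrators can always restart).
net localgroup Administrators

# 2. Accounts granted "Shut down the system" (SeShutdownPrivilege) by local policy.
$cfg = Join-Path $env:TEMP 'user-rights.inf'   # arbitrary temp file name
secedit /export /areas USER_RIGHTS /cfg $cfg | Out-Null
$line = Get-Content $cfg | Where-Object { $_ -match '^\s*SeShutdownPrivilege\s*=' }
Remove-Item $cfg -ErrorAction SilentlyContinue

# Well-known SIDs of groups that ordinary Terminal Services users fall into.
$broad = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'Users'
    'S-1-5-32-555' = 'Remote Desktop Users'
}

if (-not $line) {
    Write-Output 'SeShutdownPrivilege is not assigned to any account.'
} else {
    # The value is a comma-separated list; SIDs are prefixed with '*'.
    $entries = ($line -split '=', 2)[1].Split(',') |
        ForEach-Object { $_.Trim() } | Where-Object { $_ }
    foreach ($entry in $entries) {
        $sid  = $entry.TrimStart('*')
        $name = $sid
        if ($entry.StartsWith('*')) {
            try {
                $sidObj = New-Object System.Security.Principal.SecurityIdentifier($sid)
                $name = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
            } catch { }   # unresolvable SID: report it as-is
        }
        $flag = ''
        if ($broad.ContainsKey($sid)) { $flag = '  <-- covers non-admin users' }
        Write-Output ("{0} ({1}){2}" -f $name, $entry, $flag)
    }
}
```

Any flagged entry, or ordinary user accounts listed under Administrators, means a Terminal Services user can accept a restart prompt and take the server down for everyone.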

Yes, ERA is all you need to change the settings around on your users so they can't do anything, and you can allow a sysadmin to manage and reboot during non-production hours.

 

See my attached pic for policy location.

 

post-1101-0-02185800-1418402792_thumb.jpg
