You're reporting some strange things - see below.
Sean said:
Hi
I tryed what you said but it doen't appear to be working.
The shutdown command accepts -l commands not /l I ran shutdown /? to
discover this. So I converted all / to - but still not luck
I don't know what shutdown command you use. The one that comes
with the Win2000 Resource Kit generates the screen output below.
I also don't know where your /I switch comes from - certainly not from
my previous replies.
C:\>shutdown /?
Release 2.0 written by A. Blatzheim 1993 at Microsoft GmbH
Usage: SHUTDOWN [/?] [\\Computer] [/L] [/A] [/R] [/T:xx] ["Msg"] [/Y] [/C]
/? Shows this screen.
\\Computer Specifies a remote computer to shutdown.
/L Specifies a local shutdown.
/A Abortes a systemshutdown. This is only possible during the
timeout period.If this switch is used, all other are
ignored.
/R Specifies that the machine should reboot after shutdown.
/T:xx Sets the timer for system shutdown in seconds.[20 sec.
default]
"Msg" Specifies an additional message
/Y Answer all following questinons with yes
/C Forces running applications to close.
ATTENTION: If you use the /C parameter NT ignores the
applications option to save data which may
have canged. You will see no File-Save dialog
box, because NT will force the application to
close. This will result in a loss of all data.
not previously saved !!!
I created a test.bat file with.
@echo off
echo c:\Secure\shutdown.exe -l
pause
C:\secure has the shutdown.exe file in it as well as the test.bat
file.
when I run the batch file I get a dos box but nothing happens.
- What do you mean with "when I run the batch file"? Describe in detail
the method you used to invoke it!
- What do you mean with "DOS box"? You should see a black
screen, called a "Command Prompt", with the words
"c:\Secure\shutdown.exe -l"
in the top left-hand corner.
When I open up a command promt in c:\secure and run the shutdown
commands they work.
I think this issue needs to be fixed before adding your other
commands.
what do you think?
Sean
I'll keep an eye on the thread.
Hi
Thanks alot for your help, you went out of your way. I will try what
you suggest when I return to work on monday, currently it's Friday
night 11pm in Aus. If I have any more questions I will reply again to
this thread. Could you possible watch it?
It's not a real e-mail address, but thanks for the warning.
Regards
Sean
OK, things are becoming clear. I don't think that there is an
inbuilt tool to enforce the type of restriction you have in mind.
However, you can do it by scripting. Create a file c:\tools\restrict.bat
of the following form:
@echo off
if /i "%UserName%"=="sean" > NUL && goto :eof
if /i "%UserName%"=="administrator" > NUL && goto :eof
c:\tools\shutdown /L /T:0 /Y /C
Now create a shortcut
"c:\Documents and Settings\All Users\Start
Menu\Programs\Startup\restrict.lnk"
Point it at c:\tools\restrict.bat, and get it to run minimized.
Lastly, hide both the batch file and the link, and use your local
administrator
account to prevent anyone from modifying or deleting them, by applying
appropriate
NTFS restrictions.
Shutdown.exe comes with the Win2000 Resource Kit. It is included
in all versions of WinXP. Public domain versions are also available.
A word of warning: During the testing phase you should code the
batch file like so:
@echo off
if /i "%UserName%"=="sean" > NUL && goto :eof
if /i "%UserName%"=="administrator" > NUL && goto :eof
echo c:\tools\shutdown /L /T:0 /Y /C
pause
If you don't do this then you might lock yourself out of your own
machine . . .
And one last remark: If your quoted EMail address is correct then you
may have to brace yourself or an avalanche of spam.
Hi
I'm sorry for the confusion. I want to restrict access to my
workstation, and stop anyone logging on locally or by using a domain
account.
So the only accounts that can be used on my workstation is the local
Administrator account and my domain account which only I know the
passwords for.
Regards
Sean
wrote:
Sorry, you've lost me. I thought you wanted to prevent them
from logging in locally. Are you now saying that you want to
restrict them to a specific workstation, to prevent them from
using a domain account other than their own?
Hi
They don't know the local administrator password, but they logon
with
another domain user account with a password that they know,
this
is
what I'm trying to stop.
Any ideas?
Thanks Sean
wrote:
Don't tell them the password to the renamed local admin account,
and don't create local accounts for them!
Hi
Is there any way that I can stop users looging onto Win2k & XP
workstations in an NT4 domain?
i.e. All workstations have a local account with the Administrator
acc
renamed and a domain account. I want to stop people from logging
onto
workstations locally as new users and having access to the
workstation.
Regards
Sean