Shutdown.exe doesn't run due to lack of privileges

G

Guest

I'm running shutdown.exe -r -f at a command line. It returns
"A required privilege is not held by the client"

The user is a Power User and as near as I can tell, has the correct
privileges. I'm not an expert in GPEdit. I ran across this article
indicating a similar problem, however, it appears this should have been fixed
in XP SP2. SP2 has been installed on this particular machine.

http://support.microsoft.com/default.aspx?scid=kb;en-us;814761

Running from an Administrator account seems to be fine, or having a
scheduled task with an administrator account and password supplied. Any
recommendations are appreciated.

Harrier.
 
T

Torgeir Bakken \(MVP\)

harrier said:
I'm running shutdown.exe -r -f at a command line. It returns
"A required privilege is not held by the client"

The user is a Power User and as near as I can tell, has the correct
privileges. I'm not an expert in GPEdit.
Click to expand...

Log in with an user with local admin rights.

Start/Run --> gpedit.msc

Go to
Computer Configuration\Windows Settings\Security Settings
\Local Policies\User Rights Assignment\

Double click on "Shut down the system"

Verify that the following groups are listed:

Administrators
Backup Operators
Power Users
Users

If any of them is missing, add them.
 
G

Guest

This is the exact location I was referring to when I mentioned that I think
the account has the correct privileges. I took the liberty to add Local
Service, Local and System to this policy with no success.

Harrier
 
T

Torgeir Bakken \(MVP\)

harrier said:
This is the exact location I was referring to when I mentioned that I
think the account has the correct privileges. I took the liberty to
add Local Service, Local and System to this policy with no success.
Click to expand...
Hi

Testing this my self, I also get "A required privilege is not held
by the client" error message when a Power User runs the command
shutdown.exe -r -f

But when I used a VBScript/WMI solution, I could do a (forced) reboot
without any problems.

After some further research, I found out that the user must have both
Local and Remote Shutdown privileges for shutdown.exe to work.

So you can either add this Remote Shutdown privilege to the Power
Users group (A), or use the VBScript below (B).


A)
To add the Remote Shutdown privilege:

Log in with an user with local admin rights.

Start/Run --> gpedit.msc

Go to
Computer Configuration\Windows Settings\Security Settings
\Local Policies\User Rights Assignment\

Double click on "Force shutdown from a remote system"

Add the "Power Users" group.


B)
Instead, you can use a VBScript/WMI solution.

Put the code below into a file called e.g. shutdwn.vbs, run it with
the following command line:

wscript.exe "<path-to-vbs-file>" PowerOff_Force


'--------------------8<----------------------
Set oArgs = WScript.Arguments

If oArgs.Count = 0 Then
' PowerOff as default value
ShutDown ".", "PowerOff"
Else
ShutDown ".", oArgs(i)
End If


Sub ShutDown(sNode, sAction)

' First parameter:
' use "." for local computer

' Second parameter:
' Use "PowerOff" for a poweroff
' Use "PowerOff_Force" for a forced poweroff
' Use "Shutdown" for a shutdown
' Use "Shutdown_Force" for a forced shutdown
' Use "Reboot" for a reboot
' Use "Reboot_Force" for a forced reboot
' Use "LogOff" for a logoff
' Use "LogOff_Force" for a forced logoff

Const EWX_LOGOFF = 0
Const EWX_SHUTDOWN = 1
Const EWX_REBOOT = 2
Const EWX_FORCE = 4
Const EWX_POWEROFF = 8

On Error Resume Next
Set oWMI = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate,(Shutdown)}!\\" _
& sNode & "\root\cimv2")

Set colOperatingSystems = oWMI.ExecQuery _
("Select * from Win32_OperatingSystem")
For Each obj in colOperatingSystems
Set oOS = obj : Exit For
Next
If Err.Number <> 0 Then
WScript.Echo "Could not connect to " & sNode
Exit Sub
End If

sAction = LCase(sAction)

Select Case sAction
Case "logoff"
iCmd = EWX_LOGOFF
Case "logoff_force"
iCmd = EWX_LOGOFF + EWX_FORCE
Case "shutdown"
iCmd = EWX_SHUTDOWN
Case "shutdown_force"
iCmd = EWX_SHUTDOWN + EWX_FORCE
Case "reboot"
iCmd = EWX_REBOOT
Case "reboot_force"
iCmd = EWX_REBOOT + EWX_FORCE
Case "poweroff"
iCmd = EWX_POWEROFF
Case "poweroff_force"
iCmd = EWX_POWEROFF + EWX_FORCE
Case Else
MsgBox "Error: invalid input parameter!", _
vbExclamation + vbSystemModal, "ShutDown"
End Select

oOS.Win32shutdown iCmd

End Sub
'--------------------8<----------------------
 
G

Guest

Thank you. Works perfectly.

Harrier

Torgeir Bakken (MVP) said:
Hi

Testing this my self, I also get "A required privilege is not held
by the client" error message when a Power User runs the command
shutdown.exe -r -f

But when I used a VBScript/WMI solution, I could do a (forced) reboot
without any problems.

After some further research, I found out that the user must have both
Local and Remote Shutdown privileges for shutdown.exe to work.

So you can either add this Remote Shutdown privilege to the Power
Users group (A), or use the VBScript below (B).


A)
To add the Remote Shutdown privilege:

Log in with an user with local admin rights.

Start/Run --> gpedit.msc

Go to
Computer Configuration\Windows Settings\Security Settings
\Local Policies\User Rights Assignment\

Double click on "Force shutdown from a remote system"

Add the "Power Users" group.


B)
Instead, you can use a VBScript/WMI solution.

Put the code below into a file called e.g. shutdwn.vbs, run it with
the following command line:

wscript.exe "<path-to-vbs-file>" PowerOff_Force


'--------------------8<----------------------
Set oArgs = WScript.Arguments

If oArgs.Count = 0 Then
' PowerOff as default value
ShutDown ".", "PowerOff"
Else
ShutDown ".", oArgs(i)
End If


Sub ShutDown(sNode, sAction)

' First parameter:
' use "." for local computer

' Second parameter:
' Use "PowerOff" for a poweroff
' Use "PowerOff_Force" for a forced poweroff
' Use "Shutdown" for a shutdown
' Use "Shutdown_Force" for a forced shutdown
' Use "Reboot" for a reboot
' Use "Reboot_Force" for a forced reboot
' Use "LogOff" for a logoff
' Use "LogOff_Force" for a forced logoff

Const EWX_LOGOFF = 0
Const EWX_SHUTDOWN = 1
Const EWX_REBOOT = 2
Const EWX_FORCE = 4
Const EWX_POWEROFF = 8

On Error Resume Next
Set oWMI = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate,(Shutdown)}!\\" _
& sNode & "\root\cimv2")

Set colOperatingSystems = oWMI.ExecQuery _
("Select * from Win32_OperatingSystem")
For Each obj in colOperatingSystems
Set oOS = obj : Exit For
Next
If Err.Number <> 0 Then
WScript.Echo "Could not connect to " & sNode
Exit Sub
End If

sAction = LCase(sAction)

Select Case sAction
Case "logoff"
iCmd = EWX_LOGOFF
Case "logoff_force"
iCmd = EWX_LOGOFF + EWX_FORCE
Case "shutdown"
iCmd = EWX_SHUTDOWN
Case "shutdown_force"
iCmd = EWX_SHUTDOWN + EWX_FORCE
Case "reboot"
iCmd = EWX_REBOOT
Case "reboot_force"
iCmd = EWX_REBOOT + EWX_FORCE
Case "poweroff"
iCmd = EWX_POWEROFF
Case "poweroff_force"
iCmd = EWX_POWEROFF + EWX_FORCE
Case Else
MsgBox "Error: invalid input parameter!", _
vbExclamation + vbSystemModal, "ShutDown"
End Select

oOS.Win32shutdown iCmd

End Sub
'--------------------8<----------------------


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Admin privileges 2
WMIDiag won't run- "User does not have enough privileges to run WMIDiag!" 1
XP Pro--Admin Account Lost Security Privileges 2
Can't run Device Manager 1
Insufficient privileges to run gpedit 9
Run MSI from Command Line 2
I AM the Administrator - but I can't aadd privileges to myself 1
Forcing my application to run with administrative privileges 2

Top