My colleague often shuts down my machine through the LAN - how do I prevent it?

security windows shutdown windows-7 lan

This might sound weird. My colleague and I were working on a Windows machine. He frequently shuts it down through the LAN.

He usually follows these steps:

  1. Access command prompt, enter shutdown -i.
  2. Choose my IP address, click on Shutdown.
  3. Select a timeout of 2–3 seconds.
  4. Click OK

Unfortunately, I cannot disable remote access to my computer. Is there a way to prevent this?


Solution 1:

You are seeking technical solutions to a social problem and you're trying to address the symptoms instead of the underlying cause. This runs the risk of failure if he finds some other way of shutting down your machine.

Talk to your friend and remind him that you're not pals messing about at university, any more: you're professionals being paid to do a job. His behaviour is completely unacceptable in the workplace. He is deliberately stopping you from doing your job which, ultimately, is putting your job at risk. What happens when your boss calls you in to explain your poor performance? Do you accept the blame and get yourself fired? Or do you blame your friend and get him fired? Friends don't put friends in that situation.

Tell your friend that he needs to stop. Right now. Period. If he doesn't, you're going to have to talk to management.

Solution 2:

Run gpedit.msc and try disabling the option as shown below. Restart your PC to see if it works:

enter image description here
Click to enlarge

Solution 3:

The policy you want to change is in

Computer Configuration | Windows Settings | Security Settings | Local Policies | User Rights Assignment

Locate the policy named "Force shutdown from a remote system." By default, this policy has a value of Administrators. Just edit it to be an empty list, or put your friendly trusted IT person in there instead.

policy to force shutdown remotely

A note about "Shutdown: Allow system to be shut down without having to log on"

This policy applies to local shutdowns only. That is, it controls whether someone present at the computer can shut it down without having to log on first. By default, this policy is Enabled on workstations, and you can see the shutdown button in the lower right corner of the Windows logon screen.

local shutdown allowed

If you set this policy to Disabled, you will no longer see the shutdown button on the logon screen. A user would have to log on to the computer to shut it down. This is typically how servers are setup.

local shutdown prohibited

This policy does nothing to prevent a remote shutdown. You can try it yourself on a system that you can shutdown remotely. Set this policy to Disabled, and you will still be able to shut down that system.

A note about the Remote Registry service

Disabling the Remote Registry service does not prevent remote shutdowns. Remote Registry only affects the ability of the Shutdown Event Tracker to record the reason for the shutdown. If the reason cannot be recorded, the shutdown still occurs.

Solution 4:

This is a simple way to fix this problem without admin privileges.

But still.. Talk to your colleague man. I leave this with the community for any circumstances where disciplinary action is not readily available e.g internet cafe.

Put below code in a new text file. then change .txt extension to .bat

if you do not see the .txt extension go into:

  1. "folder and search options"
  2. uncheck "hide file extensions for known file types".

If win 8.1/8, in the my documents window, click view tab and find the options button.

Shutdown abort CODE, remember to close it when shutting down.

 :start
    cls (clear command prompt window.. Optional)
    @echo Shutting Down Cancel   
    shutdown -a
    TIMEOUT 1
    goto start

The code is not resource intensive for modern computers and won't show up in virus scanners. - caus it's not a virus =D

Solution 5:

You can disable this by either disabling the Remote Registry service or removing all other access to shutdown

Disable Remote Registry:

sc config "RemoteRegistry" start= disabled

Shutdown location:

C:\Windows\System32\shutdown.exe

Warnings:

Removing access to shutdown.exe will result in some unexpected results when doing any system tasks which involve resets ect...

As for Remote Registry:

Disabling the RemoteRegistry service will break most patch management solutions including the Software Update Service and Windows Automated Update. If you disable this service, you will have to perform patch management manually

-Brian Groth's Life at Microsoft

Related

Docker containers have their own kernel or not?
What is the "Search Domains" field for in the tcp/ip DNS settings control panel/preference pane for?
Option to Turn Bluetooth on or off is Missing
How to disable Ctrl+Q shortcut in Firefox on Linux
Is it possible to disable smooth movement of the cursor in Office 2013/windows 10?
how to run a powershell script as administrator
Pin applications to multiple desktops in Windows 10
How do I press Ctrl+Alt+Delete in VirtualBox?
Start Google Chrome on Mac with command line switches
Why would I choose Libav over FFmpeg, or is there even a difference?
Java : How to determine the correct charset encoding of a stream
Does a lambda expression create an object on the heap every time it's executed?