windows server 2019 - ALT+F4 logs off immediately without prompt dialog
I have a new windows server 2019 machine and now is confused with the ALT+F4 behavior. On my windows 10 and windows server 2016 machines, when I press ALT+F4 with the system focus on desktop, a prompt dialog will popup to let me choose what to do: logoff, shutdown, or restart, etc. But on windows server 2019, the dialog will not popup in some cases and the session is logged off immediately, and all applications are shutdown. This is not what I want and is very inconvenient. For example, when I press ALT+F4 to shutdown one application, occasionally the application lost focus, then the whole system is logged off, all other applications are shutdown. Definitely this is NOT what I meant to do. I tried some different users, here is the result:
- login as local administrator, the dialog popup as expected.
- login as local user, e.g. user1, no dialog.
- add user1 into local Administrators group, still no dialog.
- add the machine into domain, login as Domain Administrator, the dialog popup as expected.
- login as domain user, no dialog.
- add the domain user into local Administrators group, no dialog.
Seems that the dialog pops up only when login as local admin or domain admin. How to make it always pops up on ALT+F4 for all users?
Solution found! (EDITED - Added solution from Technet that I posted there) Thanks for the info jdoh about the UAC, that pointed me in the right direction.
So as jdoh mentioned, when the UAC is disabled functionality is restored, however, this is not a realistic option. If you're not familiar with how the UAC works, in a nutshell, it actually strips out the 'Adminstrator' (and other built-in privileged groups) token from your login while doing regular (non-elevated) tasks. The OS is looking for the "SeShutdownPrivilege" right to determine who is allowed to bring up the 'Shut Down Windows' box when you press ALT-F4. By default only the 'Administrator' or 'Backup Operators' can do this, but they both get stripped out by UAC now in Windows 2019 when doing this particular task.
The solution is to add yourself or a Domain Group you're in (preferred) to the 'Shut down the system' right within Group Policy. This is located under Computer Configuration->Windows Settings->Security Settings->Local Policies->User Rights Assignment. You can do this either locally on each machine via GPEDIT.MSC or (after testing) via Group Policy on your Domain. It will take a logout/login once you make the changes (or they have been applied from GPO) for them to take effect. If the option is grayed out while using GPEDIT.MSC, you may already have some Group Policy in your domain that is in effect and you'll have to adjust it from there.
Hope this helps!
Technet Link - https://social.technet.microsoft.com/Forums/en-US/71d6de0b-dfe3-4bff-b893-7bc7175b33f5/altf4-automatic-sign-out?forum=ws2019