Cybersecurity
DevOps Cloud
IT Operations Cloud
I work at the University of Copenhagen - Faculty of Life Sciences - Danish Centre for Forest, Landscape and Planning. We have a lot of student computers running Windows XP (managed by ZfD 7). When the students have finished using the computers they tend to just log off leaving the computers running on full power (often over nights or weekends) instead of shutting them down.
But with a little tweaking it is possible to shut down a computer if no user has been logged on for 10 minutes.
We also do weekly automated ZEN imaging and the tweak is also a great way to close the computers after the imaging schedule.
Here is the trick:
C:\WINDOWS\system32\tsshutdn.exe 1 /SERVER:%COMPUTERNAME% /DELAY:1 /POWERDOWN
You can, of course, use ZENworks to push both the command file and the registry settings. Very fast, simple and easy. This method will work for Windows XP SP3 (and probably also SP2). I used to do it another way on XP SP2. But Microsoft changed a few things in SP3, making my old method unusable. (Look below for the old method.)
For debugging purposes you can set SCRNSAVE.EXE to CMD.EXE and ScreenSaveTimeOut to 10. Log off and wait 10 seconds and a command prompt will open. You can now test different commands.
If you start taskmgr.exe you can see what user is initiating the process. Try starting notepad.exe or mspaint.exe and you will notice that the SYSTEM is the owner of the process. Try using the command:
shutdown.exe -s -t 05
and you will get the message: A required privilege is not held by the client. And that is so, even if you have assigned SYSTEM the right to shutdown the computer (Control Panel > Administrative Tools > Local Security Settings > Local Policies > User Right Assignment > Shut down the computer). You can’t even use the runas command to run shutdown.exe as another user (that was possible in SP2).
Here is the "old" method that I used for Windows XP SP2 with ZENworks:
This will launch your NAL application (which just shuts down the computer). The application is executed in the security context of the Workstation Manager. As I wrote earlier, this method does not work with SP3.
Right now I am working on a way to make the computer install Windows updates (if any) before shutting down. If I find a method for doing so, I will get back with an update to this post.
If you know a more elegant way to shut down a computer where no users are logged on, post a comment to this tip or email me: anma(at)life(dot)ku(dot)dk
All suggestions will "trigger" a big beer the next time you come to Copenhagen
Best Regards, Anders Martinusen