Removing these default groups might limit the abilities of users who are assigned to specific administrative roles in your environment. And that only Administrators have the user right on domain controllers.
Ensure that only Administrators and Backup Operators have the Shut down the system user right on member servers.The Shut down the system user right is required to enable hibernation support, to set the power management settings, and to cancel a shutdown.Ĭonstant: SeShutdownPrivilege Possible values For example, processing logon requests for new passwords, which are done by the primary domain controller (PDC) emulator master. Shutting down domain controllers that have been assigned operations master roles, which are also known as flexible single master operations or FSMO roles, can disable key domain functionality. Shutting down domain controllers makes them unable to do things like process logon requests, process Group Policy settings, and answer Lightweight Directory Access Protocol (LDAP) queries. This security setting determines if a user who is logged on locally to a device can shut down Windows.
Shut down the system - security policy settingĭescribes the best practices, location, values, policy management, and security considerations for the Shut down the system security policy setting.