Monday, September 13, 2010

Rebooting machine via standard user on Windows

While trying to write an automation, I needed to reboot machine using non-administrator user on server 2003 and windows xp. General way to do the same is to use one of the following ways

InitiateSystemShutdownEx API
Shutdown /r /f

Both of these failed with "Access denied" error. In case of  API, OpenProcessToken returned the error. OpenProcessToken is first step to acquire privilege SE_SHUTDOWN_NAME. Access denied error in this API. Obvious answer is to use impersonation APIs and then  attempt. Still same failure. It seems simple impersonation cannot help acquire required permissions, even in server 2003 & XP.

Next attempt was to check some sysinternal tool to be able to reboot. Mind it, I know all passowrds in plaintext as it is test automation. Even PsShutdown tool had same issue.

Finally, A hacky solution was found and that is add our standard user to "Backup operators" group which can be easily done through the API "NetLocalGroupAddMembers". Problem solved. No security issues either and achieved my shutdown work within same application.

No comments: