Force shutdown from a remote system (Windows)

Module: Account Integrity

Supported Platforms: Windows 2000, Windows 2003, Windows 2008, Windows Vista, Windows XP

This check reports accounts with rights to shut down computers from remote systems. This right could be used by a malicious user to perform a denial-of-service attack. You can use the name list to exclude or include users or security groups that are not already excluded or included by the Users to check option.

The following table lists the error message for the check.

Table: Error message for Force shutdown from a remote system

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: ESM_FORCE_REMOTE_SHUTDOWN

Category: Policy Compliance

  • Windows 2000 (105938)

  • Windows 2003 (205938)

  • Windows 2008 (248938)

  • Windows Vista (228934)

  • Windows XP (200934)

Title: Force shutdown from a remote system

Description:The user or security group has the right to force a shutdown from a remote system. This right can be used by a malicious user to perform a denial-of-service attack. Most users and groups do not need this right. Use the Correct feature to revoke the right.

Severity: yellow-1

Correctable: true

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]