Workaround for Shutdown.exe LUA bug

The "shutdown.exe" command-line utility in Windows XP has a LUA bug that prevents non-admin users from using it to shut down or restart the computer. There is a simple workaround.

Shutdown.exe offers a number of command-line options, including the ability to shut down a remote system (assuming you have the privilege to do so on the remote machine). The problem is that when something other than "logoff" is specified, Shutdown.exe tries to enable both the SeShutdownPrivilege ("Shut down the system") and the SeRemoteShutdownPrivilege ("Force shutdown from a remote system"), even if local shutdown or reboot is all that is being requested. On XP, Users have SeShutdownPrivilege by default, but they don't have SeRemoteShutdownPrivilege.

The workaround: Grant "INTERACTIVE" the SeRemoteShutdownPrivilege.

How to do it (requires admin privileges): Open Administrative Tools \ "Local Security Settings". Navigate to Security Settings \ Local Policies \ User Rights Assignment. Double-click "Force shutdown from a remote system" in the right pane. Click "Add User or Group". Enter the name INTERACTIVE in the text box and click "Check names", then click OK, and OK again.

Does granting this privilege this way open up the computer to remote attack? No. The "INTERACTIVE" SID appears in the user's token only in the interactive logon session. Remotely invoked code does not have INTERACTIVE in its token.
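To confirm the workaround took effect, and to see exactly which principals hold the two privileges Shutdown.exe enables, the user rights can be exported with secedit and checked for the INTERACTIVE SID. This is an added example, not code from the original post. The function names are hypothetical, and it assumes the usual secedit export format, in which each right is a line of comma-separated SIDs prefixed with `*`.

```powershell
# Added example; function names are hypothetical, not from the original post.
$InteractiveSid = 'S-1-5-4'   # well-known SID for INTERACTIVE

function Get-PrivilegeHolder {
    param([string[]]$InfLines, [string]$Privilege)
    # Assumed export format: SeXxxPrivilege = *S-1-5-32-544,*S-1-5-4
    # The leading anchor keeps SeShutdownPrivilege from matching
    # inside SeRemoteShutdownPrivilege.
    foreach ($line in $InfLines) {
        if ($line -match ('^\s*' + $Privilege + '\s*=\s*(.*)$')) {
            $holders = $Matches[1].Split(',') |
                ForEach-Object { $_.Trim().TrimStart('*') } |
                Where-Object { $_ -ne '' }
            return @($holders)
        }
    }
    return @()   # the right is assigned to no one
}

function Test-ShutdownWorkaround {
    param([string[]]$InfLines)
    $local  = Get-PrivilegeHolder $InfLines 'SeShutdownPrivilege'
    $remote = Get-PrivilegeHolder $InfLines 'SeRemoteShutdownPrivilege'
    New-Object PSObject -Property @{
        LocalShutdownHolders  = $local -join ', '
        RemoteShutdownHolders = $remote -join ', '
        InteractiveHasRemote  = ($remote -contains $InteractiveSid)
    }
}

# Constructed sample of an export, before and after the workaround.
$before = @(
    '[Privilege Rights]',
    'SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-545',
    'SeRemoteShutdownPrivilege = *S-1-5-32-544'
)
$after = $before[0..1] + 'SeRemoteShutdownPrivilege = *S-1-5-32-544,*S-1-5-4'

Test-ShutdownWorkaround $before
Test-ShutdownWorkaround $after

# On a live machine (as an administrator):
#   secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS
#   Test-ShutdownWorkaround (Get-Content "$env:TEMP\rights.inf")
```

RemoteShutdownHolders is worth reading as well as the boolean: any SID listed there that can appear in a network logon token is able to use the right remotely, which INTERACTIVE cannot.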