|
Posted by Danny Sanders on April 4, 2007, 5:52 pm
Please log in for more thread options
None that I'm aware of.
If you are a domain admin, and the people restarting the server are domain
admins, what ever you do to lock down the server from rebooting, they as
domain admins can undo.
You might have to come at this from the standpoint of service interruption.
We have several domain admins here, but we have strict change controls, all
patches that require a reboot must be scheduled and done "after hours",
reboots, unless under a circumstance where the service is already down, are
not allowed. If something has to be done to a server on the network that
does not require a reboot, we have to get approval from a manager or two
other system admins or it can't be done.
We have a huge network serving over 8,000 people all over the world. This
works for us, might be over kill for smaller networks but your change
controls can be adjusted for your environment.
At least you may be able to get them to give you a warning so you can send
out an email.
hth
DDS
> We have a 2003 Enterprise A/P cluster with Exchange 2003 in the cluster.
> We
> have had a fair number of instances where a different office pushes
> patches
> via SMA and or applies them manually and then reboot the system in the
> middle
> of our work day. Obviously this gets me looking like an idiot and it
> appears
> as though we are in a no win scenario getting them to stop doing this.
> What
> the question is...is there a way to set a 2003 server to not reboot unless
> done with an authorized account or password on the systems themselves?
> This
> meaning that even if who is logged in is a domain admin, if they try to
> shut
> down the system it would either not allow them to or it would prompt for
> the
> shutdown password before doing a reboot. Thanks!!
| 
XML Sitemap