New User
For security reasons it’s wise to not work on an Administrator account during your daily work and/or entertainment. In the following steps will be explained how to create a new (limited) user which also has permission to shutdown the computer.
1. In the Start menu click Run and type control userpasswords2.
2. In the User Accounts window which comes up click Add, fill in the User name and optionally Full name and Description fields and click Next.
3. Fill in a password twice and click Next.
4. In the ‘level of access’ screen choose Standard User to create a limited account to work with which is recommended from a security perspective, then click Finish to add the user!
Shutdown Permission
5. If you selected Standard User as level of access, you have to give non-Administrator users permission to shutdown the PC. To do this click Run in the menu Start, then type gpedit.msc and click OK. In the Local Group Policy Editor browse to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment. In the right pane scroll to Shut down the system.
6. Double click the Shut down the system policy and click Add User or Group.
7. Enter INTERACTIVE to give all users which can login into the Windows Desktop permission to shut down. If you don’t want to allow all interactive users to shutdown the pc you can also enter the username of the user you want to give permission to shut down. After entering the group or username click OK twice to save the Shutdown policy change.
Permission to burn CDs and DVDs
8. Now browse to Computer Configuration -> Administrative Templates -> System -> Removable Storage Access.
9. Double click the CD and DVD: Deny write access policy, set it to Disabled and click OK.
Continue to configure Automatic Logon of a user or skip it and continue to remove password restrictions
Hello WindowsWorkStation.com
Just wanted to congratulate you on your guidelines to convert Windows 2008 R2 into a desktop machine for everyday use. I have gone trough most of them and I found them very useful.
I also wanted to ask you if you have ran into a situation where you need to create a standard user for a windows 2008 R2 standalone/workstation machine and provide this std user the ability to create and manage other accounts without adding it to the Administrators or backup operators… GPO maybe ?
Any comments will be greatly appreciated.
Thank you
Rick