Shutdown option on the logonscreen with Imprivata Onesign - yyimen的日志 - 网易博客

 

Shutdown option on the logonscreen with Imprivata Onesign

I logged remotely to a server with RDP and I noticed that  I had options to restart or shutdown that server. This means we can shutdown or restart a server without physical access and without authentication:

 

We can remove the Shut down and Restart hyperlink by setting the following REG_DWORD value UseShutDownControls to 0 in the HKLM\SOFTWARE\SSOProvider\SuperGina registry key.

So this is a clear case of misconfiguration, probably due to the fact that the installation script was copied from a workstation installation where you might want to allow this setting.

But even on a workstation you might not want to have those options when connecting to it remotely. So do consider carefully if you want to enable this setting.

 

引文来源   Shutdown option on the logonscreen with Imprivata Onesign - yyimen的日志 - 网易博客