Check or Attack Name: ShutdownWithoutLogon

Windows NT Workstation allows a shutdown without the user logging in. This feature should be disabled if a high level of security is desired, and physical access to the power cord and switch has been restricted.

Require users to log in to shut down the system.

WARNING: Incorrectly using Registry Editor may cause severe and irreparable damage and may require you to reinstall your operating system. Internet Security Systems cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

To disable shutdowns without login, follow these steps:

1. Open Registry Editor. From the Windows NT Start menu, select Run, type regedt32, and click OK.
2. Go to the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon key.
3. Change the value of the ShutdownWithoutLogon value to 0.
4. Restart your system for this change to take effect.