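# -------------------------------
# Step 1: Export current local security policy
# -------------------------------
# Run from an elevated PowerShell session; secedit needs administrative rights
# to export and configure local policy.
# NOTE: both files stay in %TEMP% after the run. The export is the pre-change
# baseline (useful if the change has to be reverted) and lists the machine's
# account policy and user-rights assignments, so remove it once it is no
# longer needed.
$exportFile = "$env:TEMP\secpol.cfg"
$modifiedFile = "$env:TEMP\secpol-modified.cfg"
secedit /export /cfg $exportFile
# Stop here if the export failed: otherwise a stale secpol.cfg left by an
# earlier run could be edited and applied in place of the current policy.
if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $exportFile)) {
    throw "secedit /export failed (exit code $LASTEXITCODE); the policy was not changed."
}
# Load into a list so a line can be inserted at a specific position later.
$content = New-Object 'System.Collections.Generic.List[string]'
foreach ($line in (Get-Content -LiteralPath $exportFile)) {
    $content.Add($line)
}
# -------------------------------
# Step 2: Use Administrators group SID
# -------------------------------
$adminGroupSID = "*S-1-5-32-544" # BUILTIN\Administrators
# The whole assignment is replaced, so every other principal that currently
# holds the right is dropped, not just appended to.
$newLine = "SeShutdownPrivilege = $adminGroupSID"
# -------------------------------
# Step 3: Update or add SeShutdownPrivilege line
# -------------------------------
$found = $false
for ($i = 0; $i -lt $content.Count; $i++) {
    # Anchor on the key name followed by '=' so only this exact setting matches.
    if ($content[$i] -match '^\s*SeShutdownPrivilege\s*=') {
        $content[$i] = $newLine
        $found = $true
        break
    }
}
if (-not $found) {
    # The setting must live inside [Privilege Rights]. Appending it to the end
    # of the file would place it under whatever section happens to be last.
    $sectionIndex = -1
    for ($i = 0; $i -lt $content.Count; $i++) {
        if ($content[$i].Trim() -eq '[Privilege Rights]') {
            $sectionIndex = $i
            break
        }
    }
    if ($sectionIndex -ge 0) {
        $content.Insert($sectionIndex + 1, $newLine)
    }
    else {
        # No such section in the export: create it at the end of the file.
        $content.Add('[Privilege Rights]')
        $content.Add($newLine)
    }
}
# Save modified policy
# secedit exports the template as UTF-16 ("Unicode"); write it back in the
# same encoding instead of relying on the Set-Content default.
$content | Set-Content -LiteralPath $modifiedFile -Encoding Unicode
# -------------------------------
# Step 4: Apply modified policy
# -------------------------------
# /areas USER_RIGHTS limits the import to user-rights assignments; the other
# sections of the template are not applied.
# NOTE: secedit.sdb is a relative path, so the database is created in the
# current working directory.
secedit /configure /db secedit.sdb /cfg $modifiedFile /areas USER_RIGHTS
if ($LASTEXITCODE -ne 0) {
    Write-Warning "secedit /configure returned exit code $LASTEXITCODE; verify that SeShutdownPrivilege was applied (see %windir%\security\logs\scesrv.log)."
}
# NOTE: on a domain-joined machine a GPO that defines this user right takes
# precedence over the local value and is re-applied by the refresh below.
gpupdate /force | Out-Null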
This removes the ability to shut down the system (the SeShutdownPrivilege user right) from everyone except the Administrators group.
The local policy should look like this after you run the script. Please note that the current user will need to log out and log back in for the settings to take effect.