Pokal - by user pouzival 2 rozne ucty, tak by to slo.
Ak jeden a ten isty, tak asi nie.
(jedine asi tie ucty syncovat medzi sebou, t.j. 2 ucty - jeden obsah)
Problem je, ako rozlisit, ze ide user lokalne alebo cez RDP.
V pripade vyriesenia problemu, je toto mozne uz dalej riesit cez Gpedit, odkazy na ploche (jeden na restart, jeden na shutdown). Napada ma akurat riesenie, pustit script after login, identifikovat v nom ci je user prihlaseny cez RDP alebo console, a podla toho sa zariadit (odkazy na shutdown/restart mu to nakopirovat zo zalohy alebo zmazat. Gpedit neviem, ci by zabralo ihned alebo az po restarte, to by chcelo prubnut).
Open the Local Group Policy Editor (Win+R and gpedit.msc)
Go to:
Computer Configuration->Windows Settings->Security Settings->Local Policies->User Rights Assingment->Shut down the system
And finally add/remove specific group of users to allow/prevent them to shutdown the system.