We have this computer management tool that runs as a service, which runs as Local System. I have been asked, to write something that will enable some administrators to shut down a bunch of computers at some designated time. I think this is a bad idea, but my opinion in this matter is not being asked.

The InitiateSystemShutdown Function requires the SE_SHUTDOWN_NAME privilege.

Local System Account has this privilege, but it is disabled.

I have been reading the API stuff on AdjustTokenPrivileges Function, but I am getting a bit confused.

I am confused on two fronts. The first is, do I have all the privileges to enable the SE_SHUTDOWN_NAME privilege on "Local System".

The next is, how do I do that? I am not sure how to get the current process access token. Furthermore, my experience with tokens is to get a token, and then to "CreateProcessWithTokenW".

What is different here is that I want to affect the current token I am running under to execute an API call I am not normally allowed to call.

To make it harder, I can't debug and test very well because I am not running as Local System. Admin users can shut down the system, so that would succeed for me if I were trying to test.

If anyone has some code snippets I can build around, I would greatly appreciate it.