Guest susan Posted October 8, 2008 Posted October 8, 2008 I have a situation in which I want a couple users to be able to do these things (on a WIndows 2003 server): Log on remotely and restart 2 specific services The remote logon works, but I can't figure out how to grant them permissions to restart selected services. (If I make them members of the local Power Users group, they can restart the services, but I don't really want them to have all the other "rights" that go along with being a Power User.) Thanks
Guest Pegasus \(MVP\) Posted October 8, 2008 Posted October 8, 2008 Re: Permissions required to restart services "susan" <susan@discussions.microsoft.com> wrote in message news:10DDFA05-ACB4-4C14-9827-FE0F0844F36D@microsoft.com... >I have a situation in which I want a couple users to be able to do these > things (on a WIndows 2003 server): > > Log on remotely and restart 2 specific services > > The remote logon works, but I can't figure out how to grant them > permissions > to restart selected services. (If I make them members of the local Power > Users group, they can restart the services, but I don't really want them > to > have all the other "rights" that go along with being a Power User.) > > Thanks You could do it indirectly: Allow them to create a flag file that gets polled by a scheduled task once every five minutes. If it exists then the task will start the nominated services.
Guest Salvador Manaois III Posted October 9, 2008 Posted October 9, 2008 RE: Permissions required to restart services Hi Susan, I can think of four possible ways for you to do this; there could be more actually. =) Method 1. Using group policy to assign security for services: http://support.microsoft.com/kb/256345/ Method 2. Grant rights using Security Templates http://support.microsoft.com/kb/288129 Method 3. Grant rights using SubinACL.exe SUBINACL /SERVICE \\MachineName\ServiceName /GRANT=[DomainName\]UserName[=Access] In you case, Access = TO (Start and stop service) http://support.microsoft.com/kb/288129 Method 4. Grant rights using SC.EXE. http://technet.microsoft.com/en-us/library/cc772676.aspx#BKMK_sdset You can use "SC sdset" to set the security descriptor of the services. This entails using SDDL to set the ACEs. http://msdn.microsoft.com/en-sg/library/aa374928(en-us,VS.85).aspx -- ....Badz... MCSE MCSA CEH MCITP | Enterprise/Server Admin Bytes & Badz : http://badzmanaois.blogspot.com "susan" wrote: > I have a situation in which I want a couple users to be able to do these > things (on a WIndows 2003 server): > > Log on remotely and restart 2 specific services > > The remote logon works, but I can't figure out how to grant them permissions > to restart selected services. (If I make them members of the local Power > Users group, they can restart the services, but I don't really want them to > have all the other "rights" that go along with being a Power User.) > > Thanks > >
Recommended Posts