Jump to content

Permissions required to restart services

Guest susan

By Guest susan
in Windows 2003 Server

 Share

Recommended Posts

Guest susan

Guest susan

Posted
Posted

I have a situation in which I want a couple users to be able to do these

things (on a WIndows 2003 server):

 

Log on remotely and restart 2 specific services

 

The remote logon works, but I can't figure out how to grant them permissions

to restart selected services. (If I make them members of the local Power

Users group, they can restart the services, but I don't really want them to

have all the other "rights" that go along with being a Power User.)

 

Thanks

  • Replies 2
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Pegasus \(MVP\)

Guest Pegasus \(MVP\)

Posted
Posted

Re: Permissions required to restart services

 

 

"susan" <susan@discussions.microsoft.com> wrote in message

news:10DDFA05-ACB4-4C14-9827-FE0F0844F36D@microsoft.com...

>I have a situation in which I want a couple users to be able to do these

> things (on a WIndows 2003 server):

>

> Log on remotely and restart 2 specific services

>

> The remote logon works, but I can't figure out how to grant them

> permissions

> to restart selected services. (If I make them members of the local Power

> Users group, they can restart the services, but I don't really want them

> to

> have all the other "rights" that go along with being a Power User.)

>

> Thanks

 

You could do it indirectly: Allow them to create a flag file that gets

polled by a scheduled task once every five minutes. If it exists then the

task will start the nominated services.

Guest Salvador Manaois III

Guest Salvador Manaois III

Posted
Posted

RE: Permissions required to restart services

 

Hi Susan,

 

I can think of four possible ways for you to do this; there could be more

actually. =)

 

Method 1.

Using group policy to assign security for services:

http://support.microsoft.com/kb/256345/

 

Method 2.

Grant rights using Security Templates

http://support.microsoft.com/kb/288129

 

Method 3.

Grant rights using SubinACL.exe

 

SUBINACL /SERVICE \\MachineName\ServiceName

/GRANT=[DomainName\]UserName[=Access]

 

In you case, Access = TO (Start and stop service)

http://support.microsoft.com/kb/288129

 

Method 4.

Grant rights using SC.EXE.

http://technet.microsoft.com/en-us/library/cc772676.aspx#BKMK_sdset

 

You can use "SC sdset" to set the security descriptor of the services. This

entails using SDDL to set the ACEs.

http://msdn.microsoft.com/en-sg/library/aa374928(en-us,VS.85).aspx

 

--

....Badz...

MCSE MCSA CEH MCITP | Enterprise/Server Admin

Bytes & Badz : http://badzmanaois.blogspot.com

 

 

"susan" wrote:

> I have a situation in which I want a couple users to be able to do these

> things (on a WIndows 2003 server):

>

> Log on remotely and restart 2 specific services

>

> The remote logon works, but I can't figure out how to grant them permissions

> to restart selected services. (If I make them members of the local Power

> Users group, they can restart the services, but I don't really want them to

> have all the other "rights" that go along with being a Power User.)

>

> Thanks

>

>

 Share
Go to topic listing
×
×
  • Create New...