<

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x

How to: Allow users to start / stop (server) services

Published on
13,338 Points
7,238 Views
1 Endorsement
Last Modified:
Approved
Community Pick
If you're working for a huge coorporation, you'll probably shiver at the idea of allowing any users to start or stop services on your Windows Servers.  In small companies, however, it's not always easy or even possible for the System Admin to follow the "perfect safety instructions".  

Take my example.  I work for a company, Drenco N.V.  Although we're active in different markets, there's only a few people that actually work at the main office.  Of those people, there's only one System Admin, and that's me.  So, if I want to have some rest during my vacations it's of the upmost importance that others can "fix" problems that occur.  

One of these errors happens to be the DNS server on our SBS 2003 box that occasionally needs a restart.  Just recently, I found a way to allow (trusted) users to stop / start this service (and other services), so they'll be able to perform this simple task, without much risk to the rest of the network.

Are you in a situation like mine? If you need certain non-admin users to be able to stop / start services on a Windows server, the following guide will be usefull to you.  

How to do it.

First of all, we need to install a component from the Microsoft Resource kit.  The file in question is SUBINACL.exe Link to the download:

If you've downloaded the file, install it on your server.  Note: choose an installation location that's easy to find.  You'll need to navigate there w/ the command prompt.  
Open your command prompt, and navigate to the folder where you installed the tool. (Default: c:\Program Files\Microsoft Resource Kit\Tools)
Run the following command - replace everything between ( ) with your own parameters and, obviously, get rid of the ( ).  
SUBINACL /service \\(target machine)\(short name of service to restart) GRANT= (domain)\(user).  

Create a Batch job

Now that the server side is all taken care off, you'll want to make it as easy as possible for your user in question to start / stop the service.  Open notepad, and use the following lines:
sc \\(target machine) (command) (service)
Save the file as (somename).bat and send it to the user; who then only needs to run the file.  

Examples:

For the SUBINACL command= SUBINACL /service \\192.168.0.200\DNS GRANT= toretto.local\Toretto
For the SC command (this .bat file would restart the DNS service on the target machine):  
sc \\192.168.0.200 stop DNS
sc \\192.168.0.200 start DNS

And that's it!  Remember, be carefull which rights you're giving to what user, the commands can be very powerful and a little dangerous in the wrong hands.  
1
Comment
Author:Toretto
  • 2
4 Comments

Expert Comment

by:Bobbyjgr63
I received an error saying the Service does not exist but it does, I tryed the short name and full name of the servcie, same result
0
LVL 5

Expert Comment

by:sujithmd
Please provide the service name rather than the display name attaching a sample screenshot showing the service name and dispaly name.
0
LVL 5

Expert Comment

by:sujithmd
sorry attachment not wokring you can double click the service and see the service name and the display name
0
LVL 12

Expert Comment

by:Sommerblink
Hello Toretto.

This is excellent How To. The one thing that I would like to add is that with the sc command, once executed, it immediately exits out to the command prompt. In a batch script, this means that the second command (to start the service in this example) would execute immediately. I've had times where some services don't stop quickly enough and the attempt to start a shutting down service causes an error.

In these cases I've had to add a 'pause' between stopping and starting commands. The simplest way I've found to do this is to invoke Ping.

You will want to ping the localhost, or 127.0.0.1 (technically, anything at 127.0.0.0/8), with a count. This way it is universally compatible with any computer running the script. Each ping takes approximately one second, so if you needed to wait 5 seconds the command would look like this:
"ping -n 5 127.0.0.1"

Good article!
0

Featured Post

IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

Join & Write a Comment

Discover the basics of using Outlook 2016 from office 365.
This is Part-2 of Learning to use the Power of Mailwasher Pro so if you haven't watched Part-1 yet, I urge you to do so before watching this video. Click this link to watch Part-1 (https://www.experts-exchange.com/videos/56638/Learn-to-use-the-POWER…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month