?
Solved

Group policy and System Services

Posted on 2004-04-20
5
Medium Priority
?
347 Views
Last Modified: 2008-01-16
Hi - from within Group Policy you can assign access rights to system services so that non admins can stop, start, restart services etc. Does anyone know how to add services to the list?i.e I have a member server with a service not in the default list and I need to allow a non admin rights to restart it??
0
Comment
Question by:nisters10
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 7

Expert Comment

by:spareticus
ID: 10871081
FInd the service short name using services.msc.  In the properties of the service, you will see the name of the service next to "Service Name"
Once you know the service name, you can add it to the text file in the policy under [Service General Setting]<sysvol>\sysvol\<domain>\Policies\<policy GUID>\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf

Once it is added into the text file, open your gp editing tool (are you using GPMC yet?), and change the security.
Have you seen the place for setting security in this, or did you need assistance with that as well.
0
 

Author Comment

by:nisters10
ID: 10871724
Found the service name but not sure of the next step? I know how to set the permissions on the services I just can't add any new services to the policy. any help greatly appreciated..
0
 
LVL 7

Accepted Solution

by:
spareticus earned 2000 total points
ID: 10872184
browse to the following directory on your DC

<sysvol>\sysvol\<domain>\Policies\<policy GUID>\MACHINE\Microsoft\Windows NT\SecEdit\

edit the gpttmpl.inf file and add your service name to [Service General Setting]

then edit the actual GPO and set the security the way you want it.
0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question