Solved

How can I delegate Authority for a user to start / stop a specific service?

Posted on 2004-08-25
3
1,024 Views
Last Modified: 2008-02-01
Hello,

We have a Win 2003 server running an application that we need a group of users (programmers) to be able to start/stop a specific service on without giving them full control on the box.

How can I delegate Authority for a user to start / stop a specific service?  Or if I have to, all of the services.

Thanks
0
Comment
Question by:caw01
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 5

Expert Comment

by:dgroscost
ID: 11895422
I don't believe you can use Delegation of Control Wizard to do this.  Nor am I finding a way to control this through Group Policy Editor.  The only thing that comes close is "Act as Operating System" or "Deny Logon Service"

I'm wondering now what the best method to do this might be... perhaps set up a process via an internal web site that only certain logon credentials can use that will stop or start the service...
0
 
LVL 85

Accepted Solution

by:
oBdA earned 500 total points
ID: 11896329
There are several ways to do this; you can use a group policy, you can use a security template, or (this should work for a W2k3 machine as well, but test this on a test machine before using it in earnest) you can use the subinacl.exe tool from the W2k3 Resource Kit tools (probably the easiest way).
If you're feeling really adventurous, there's even a fourth way, using sc.exe and the "sdset" switch, but don't ask me how to create the proper SDDL string ...

HOW TO: Configure Group Policies to Set Security for System Services in Windows Server 2003
http://support.microsoft.com/?kbid=324802

HOW TO: Grant Users Rights to Manage Services in Windows Server 2003
http://support.microsoft.com/?kbid=325349

HOW TO: Grant Users Rights to Manage Services in Windows 2000
http://support.microsoft.com/?kbid=288129

Windows Server 2003 Resource Kit Tools
http://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en
0
 

Author Comment

by:caw01
ID: 11899637
We did accomplish this with a group policy.  Thanks.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question