How can I delegate Authority for a user to start / stop a specific service?

Hello,

We have a Win 2003 server running an application that we need a group of users (programmers) to be able to start/stop a specific service on without giving them full control on the box.

How can I delegate Authority for a user to start / stop a specific service?  Or if I have to, all of the services.

Thanks
caw01Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

dgroscostCommented:
I don't believe you can use Delegation of Control Wizard to do this.  Nor am I finding a way to control this through Group Policy Editor.  The only thing that comes close is "Act as Operating System" or "Deny Logon Service"

I'm wondering now what the best method to do this might be... perhaps set up a process via an internal web site that only certain logon credentials can use that will stop or start the service...
0
oBdACommented:
There are several ways to do this; you can use a group policy, you can use a security template, or (this should work for a W2k3 machine as well, but test this on a test machine before using it in earnest) you can use the subinacl.exe tool from the W2k3 Resource Kit tools (probably the easiest way).
If you're feeling really adventurous, there's even a fourth way, using sc.exe and the "sdset" switch, but don't ask me how to create the proper SDDL string ...

HOW TO: Configure Group Policies to Set Security for System Services in Windows Server 2003
http://support.microsoft.com/?kbid=324802

HOW TO: Grant Users Rights to Manage Services in Windows Server 2003
http://support.microsoft.com/?kbid=325349

HOW TO: Grant Users Rights to Manage Services in Windows 2000
http://support.microsoft.com/?kbid=288129

Windows Server 2003 Resource Kit Tools
http://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
caw01Author Commented:
We did accomplish this with a group policy.  Thanks.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.