Solved

How can I delegate Authority for a user to start / stop a specific service?

Posted on 2004-08-25
3
1,023 Views
Last Modified: 2008-02-01
Hello,

We have a Win 2003 server running an application that we need a group of users (programmers) to be able to start/stop a specific service on without giving them full control on the box.

How can I delegate Authority for a user to start / stop a specific service?  Or if I have to, all of the services.

Thanks
0
Comment
Question by:caw01
3 Comments
 
LVL 5

Expert Comment

by:dgroscost
ID: 11895422
I don't believe you can use Delegation of Control Wizard to do this.  Nor am I finding a way to control this through Group Policy Editor.  The only thing that comes close is "Act as Operating System" or "Deny Logon Service"

I'm wondering now what the best method to do this might be... perhaps set up a process via an internal web site that only certain logon credentials can use that will stop or start the service...
0
 
LVL 84

Accepted Solution

by:
oBdA earned 500 total points
ID: 11896329
There are several ways to do this; you can use a group policy, you can use a security template, or (this should work for a W2k3 machine as well, but test this on a test machine before using it in earnest) you can use the subinacl.exe tool from the W2k3 Resource Kit tools (probably the easiest way).
If you're feeling really adventurous, there's even a fourth way, using sc.exe and the "sdset" switch, but don't ask me how to create the proper SDDL string ...

HOW TO: Configure Group Policies to Set Security for System Services in Windows Server 2003
http://support.microsoft.com/?kbid=324802

HOW TO: Grant Users Rights to Manage Services in Windows Server 2003
http://support.microsoft.com/?kbid=325349

HOW TO: Grant Users Rights to Manage Services in Windows 2000
http://support.microsoft.com/?kbid=288129

Windows Server 2003 Resource Kit Tools
http://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en
0
 

Author Comment

by:caw01
ID: 11899637
We did accomplish this with a group policy.  Thanks.
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question