[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

How can I delegate Authority for a user to start / stop a specific service?

Posted on 2004-08-25
3
Medium Priority
?
1,033 Views
Last Modified: 2008-02-01
Hello,

We have a Win 2003 server running an application that we need a group of users (programmers) to be able to start/stop a specific service on without giving them full control on the box.

How can I delegate Authority for a user to start / stop a specific service?  Or if I have to, all of the services.

Thanks
0
Comment
Question by:caw01
3 Comments
 
LVL 5

Expert Comment

by:dgroscost
ID: 11895422
I don't believe you can use Delegation of Control Wizard to do this.  Nor am I finding a way to control this through Group Policy Editor.  The only thing that comes close is "Act as Operating System" or "Deny Logon Service"

I'm wondering now what the best method to do this might be... perhaps set up a process via an internal web site that only certain logon credentials can use that will stop or start the service...
0
 
LVL 86

Accepted Solution

by:
oBdA earned 2000 total points
ID: 11896329
There are several ways to do this; you can use a group policy, you can use a security template, or (this should work for a W2k3 machine as well, but test this on a test machine before using it in earnest) you can use the subinacl.exe tool from the W2k3 Resource Kit tools (probably the easiest way).
If you're feeling really adventurous, there's even a fourth way, using sc.exe and the "sdset" switch, but don't ask me how to create the proper SDDL string ...

HOW TO: Configure Group Policies to Set Security for System Services in Windows Server 2003
http://support.microsoft.com/?kbid=324802

HOW TO: Grant Users Rights to Manage Services in Windows Server 2003
http://support.microsoft.com/?kbid=325349

HOW TO: Grant Users Rights to Manage Services in Windows 2000
http://support.microsoft.com/?kbid=288129

Windows Server 2003 Resource Kit Tools
http://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en
0
 

Author Comment

by:caw01
ID: 11899637
We did accomplish this with a group policy.  Thanks.
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
With just a little bit of  SQL and VBA, many doors open to cool things like synchronize a list box to display data relevant to other information on a form.  If you have never written code or looked at an SQL statement before, no problem! ...  give i…
Enter Foreign and Special Characters Enter characters you can't find on a keyboard using its ASCII code ... and learn how to make a handy reference for yourself using Excel ~ Use these codes in any Windows application! ... whether it is a Micr…

613 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question