[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Enable non-Administrators to start / stop Print Spooler?

Posted on 2004-09-14
6
Medium Priority
?
857 Views
Last Modified: 2008-01-09
Hello.  I have a computer lab with both XP and 2000 machines.  Every once in a while one of the 2000 machines "forgets" its printers.  I discovered the Microsoft Knowledge base article that says it is likely because the print spooler has not started, and tells you how to start it.  That's all cool, but I would like to enable that capability for the students who are regular Users, without any administrative powers.  

I thought I could accomplish this by changing the permissions on C:\winnt\system32\services.msc so that all users had full control of that file.  That didn't work.  Additionally I tried to apply the same permissions on prntspool.exe (I think that's the right filename), but it still would only allow administrative users to start or stop the print spooler service.

I am thinking that if I allow them full control of C:\winnt\system32 that might solve it, but that is out of the question as I don't want it to override what I've done with gpedit.msc.  I need to ensure that students don't screw around with important settings and do things like set the background to a pornographic picture (Yes, they've been known to do it -- before I discovered the joys of poledit and gpedit.msc!)  Yet I would like to allow just this one small bit of administrative freedom so that such a problem can be solved immediately instead of them having to wait until I can fix it.

Does anyone know how this can be accomplished?  Thanks for listening!
0
Comment
Question by:UC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
6 Comments
 
LVL 4

Expert Comment

by:averyb
ID: 12060090
Download Pstools Suite v2.06 from the link below.
http://www.sysinternals.com/ntw2k/freeware/pstools.shtml

You are particularly interested in psservice.

Create a bat file (Spooler.bat) with the following commands.

@echo off
psservice [\\Computer [-u Username [-p Password]]] restart spooler

\\Computer is the computer on which you want to start the spooler service.
Username is a local account on \\Computer that has the necessary rights to stop and start the service.  
Password is the password for the referenced account.
Using restart will stop and restart the service which can also fix other types of print server hangs.

Make sure that this file is hidden since it'll contain an admin user and password in it.  Make sure that psservice and the location of the bat file are in the path.

Now create another bat (Bounce.bat) that calls Spooler.bat.  Do not put the full path to spooler.bat in the bounce.bat.  Bounce.bat and Spooler.bat should be somewhere in the path statement.

Put a shortcut to bounce.bat on the desktop if you want.  By adding the layer of the second bat file you avoid someone simply right-clicking, Edit to view the contents of spooler.bat and seeing a valid admin user name and password.  Granted it is a local admin account on the print server, so they won't have domain admin access.

Doing this from the command line instead of the shortcut might make it harder for the users to dig around and find bounce.bat.  

I believe that the username and password specified for psservice does need to be able to log on locally to the target server.  Worth trying.  If it isn't necessary then create a separate admin account, deny logon local, and go.
0
 
LVL 85

Expert Comment

by:oBdA
ID: 12078401
If you have the W2k Resource Kit, you can set the permissions using subinacl.exe.
To give, for example, the group "User" the permission to  s*t*art, st*o*p, and *p*ause the spooler service, this command should do it:
subinacl /service Spooler /grant=User=TOP

If you don't have the W2k Resource Kit, you can try the one for W2k3, but the subinacl.exe from that version refuses to run properly (but then again, it might be because I'm not using an English Windows version).
Windows Server 2003 Resource Kit Tools
http://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en
0
 
LVL 85

Accepted Solution

by:
oBdA earned 1000 total points
ID: 14229016
The subinacl version from the W2k3 Resource Kit Tools was indeed buggy. The corrected version is here and will run on Windows 2000 as well:
SubInACL (SubInACL.exe)
http://www.microsoft.com/downloads/details.aspx?FamilyID=E8BA3E56-D8FE-4A91-93CF-ED6985E3927B&displaylang=en
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Have you ever run into that annoying problem where the computer won't boot?  Wouldn't it be great if you had a tool that would make that disk boot again?  I have found one tool that works more often than not ...
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question