• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 215
  • Last Modified:

user does not have permission to start service

I'm trying to lock down a PC that has windows XP Pro running and is not on a domain.

the issue im having is trying to allow specific users to have access to run specific services. IE: DHCP, DNS and pcAnywhere.

ive also tried to use the "LOGON" feature and that doesnt work and i cant seem to find/locate the policy to allow this.

please help



0
lgropper
Asked:
lgropper
  • 4
1 Solution
 
Jay_Jay70Commented:
Hi lgropper,

you can or you cant start the services

you do want to be able to or dont

Cheers!
0
 
lgropperAuthor Commented:
i cant
0
 
lgropperAuthor Commented:
i cant start the services as a user and i need to be able to start them. either selected services or all.
0
On-Demand: Securing Your Wi-Fi for Summer Travel

Traveling this summer?Check out our on-demand webinar to learn about the importance of Wi-Fi security and 3 easy measures you can start taking immediately to protect your private data while using public Wi-Fi. Follow us today to learn more!

 
Walter PadrónCommented:
To allow/disallow specific users to start/stop services "sc" is the tool you are looking for, you need to edit the discretionary access control lists of the services *** BE careful you can make your system unusable ***

you can set the security descriptor using
Start>RUN>sc sdset service "security descriptor"

you can view the security descriptors
Start>RUN>sc sdshow service

you also need to read this http://support.microsoft.com/kb/914392/  to understand theSecurity Descriptor Definition Language (SDDL) syntax
0
 
lgropperAuthor Commented:
thank you, i read the  documentation you provided.

i cant seem to find the syntax to use to change the values.

IE: DHCP is as follows:

D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;NO)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)

How do i change (A;;CCLCSWLOCRRC;;;AU) to (A;;CCLCSWRPWPDTLOCRRC;;;AU)

but keeping all the rest of the values intact?
0
 
lgropperAuthor Commented:
ADDITION TO THE ABOVE:

i ran SC SDSET DHCP D:(A;;CCLCSW*RPWPDT*LOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;NO)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)

** = my addition

and when i log in as on of the users i'm getting an " ERROR 1079: The account specified for this service is different from the account specified for other services running the in the same process."

i'm not sure why this is. all the users are under the USER group. so wouldnt my changes work for AUTHENTICATED USERS?

PLEASE HELP
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now