[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Microsoft, Windows , Windows Server 2003 2000, Windows Service Security

Posted on 2007-08-03
12
Medium Priority
?
197 Views
Last Modified: 2013-11-05
Hi Expects Exchange Members
I need to give a user the ability to view windows services are running on a server, but I dont want the user to have admin rights on the server.

How would I best achieve this?

Thank you for reading.

Regards
GrahamR99
0
Comment
Question by:GrahamR99
  • 3
  • 2
  • 2
  • +3
10 Comments
 
LVL 31

Expert Comment

by:merowinger
ID: 19623254
what about a script:
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_Service WHERE STATE='RUNNING'")
For Each objItem in colItems
    Wscript.Echo "Service Name: " & objItem.Name & vbCrlf
Next
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
0
 

Author Comment

by:GrahamR99
ID: 19623300
Hi Merowinger
Thank you for your answer, but I am hoping to achieve this by using standard Windows tools, if its not possible then I will go the script route.

Regards

GrahamR99
0
 
LVL 31

Expert Comment

by:merowinger
ID: 19623351
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
LVL 18

Accepted Solution

by:
PowerIT earned 2000 total points
ID: 19623456
Standard tool: Start/Run/services.msc + ENTER
A non admin user can start the services mmc and see if they are running but can not start or stop the services.
To do the above, have the user login at the console or through remote desktop.

J.
0
 
LVL 5

Expert Comment

by:rjmedina
ID: 19623748
I agree with PowerIT that services.msc is the way to go, however, the user in question probably doens't need to remote desktop or login at the console.

You could add the user to the default server group "Performance Monitor Users" which will allow the members of the group to be able to monitor the system.  

Then the user can open services.msc or right-click on their "My Computer" and select manage.  Once into either tool, have the user right-click on the services (local) or on Computer Management (local) and select "Connect to another computer..."

Hope this helps
0
 
LVL 11

Expert Comment

by:Chris Gralike
ID: 19643079
do mind that the "Performance Monitor Users" will allow them to create prefmon logs, and start / stop those...
0
 

Author Comment

by:GrahamR99
ID: 19690132
Hi
I have added a user to the domain "Performance Monitor Users" Group, but the user was not able to access services on a remote server, using Manage and changing the computer I wish to manage.

I was unable to find a local group called "Performance Monitor Users" do I have to create it on the local sever, but I think that won't work either.

Does the user have to logon to the machine for this to be able to work?

Regards

GrahamR99
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 19691533
Like I said: connect through remote desktop.
First make sure that the user as added to the 'Remote Desktop Users' local group of that machine.

J.
0
 

Author Comment

by:GrahamR99
ID: 19977444
Hi merowinger
It looks like I need to resolve the problem I am going to use your Script, but I have difficulties using it.

I have copied the code you supplied to a VB app, but it would not run, is there any points you could give me to help me resolve the issue.

Regards

GrahamR99
0
 
LVL 1

Expert Comment

by:Computer101
ID: 20324265
Forced accept.

Computer101
EE Admin
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes Administrators rights are not enough. These cases call for the SYSTEM account. The process in this article outlines the steps required to execute commands using the SYSTEM account.
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question