Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Permissions required to restart the print spooler service?

Posted on 2008-06-25
4
Medium Priority
?
885 Views
Last Modified: 2011-08-18
Hello,
We have a 2003 Active Directory domain with 20 2003 SP1 servers. We have a help desk team that i need to grant access to restart the print spooler across the servers.
We only have one policy - I've edited this to allow the group acess to restart the spooler service.
I've then created a task pad displaying the service for each server.
When a memeber of the helpdesk team attempts to stop the service they get:
Error 5 access denied

I've read that SP1 changes the acl on the 'service control manager' and have run the following command:
sc sdset SCMANAGER D:(A;;CCLCRPRC;;;AU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)
This results in the following error: The ACL structure is invalid
I've also run:
subinacl /service \\mlsspctx01\spooler /GRANT=mlslocal\tpad=F
And get back:
+service \\mlsspctx01\spooler
/GRANT=mlslocal\tpad=F
Elapsed Time: 00 00:00:00
Done:        0, Modified        0, Failed        0, Syntax errors        0

I've made sure that the policy has been refreshed, but still my user get the error 5 message... Can anyone think of what I'm doing wrong?
Thank you for looking.


0
Comment
Question by:Jason Thomas
  • 3
4 Comments
 
LVL 8

Accepted Solution

by:
LKaushal earned 1500 total points
ID: 21867463
Check this --> http://support.microsoft.com/default.aspx?scid=kb;en-us;288129 
You can do it through GPO.
0
 
LVL 1

Author Comment

by:Jason Thomas
ID: 21873560
Thank you, however I'm not sure that relates to my problem. We have 2003 servers.

Does anyone else have any ideas?
Thanks.
0
 
LVL 1

Author Comment

by:Jason Thomas
ID: 23535949
I've managed to fix this myself. How do I close this call without issuing points?
0
 
LVL 1

Author Comment

by:Jason Thomas
ID: 23546721
No answer received.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

783 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question