Solved

Permissions required to restart the print spooler service?

Posted on 2008-06-25
4
862 Views
Last Modified: 2011-08-18
Hello,
We have a 2003 Active Directory domain with 20 2003 SP1 servers. We have a help desk team that i need to grant access to restart the print spooler across the servers.
We only have one policy - I've edited this to allow the group acess to restart the spooler service.
I've then created a task pad displaying the service for each server.
When a memeber of the helpdesk team attempts to stop the service they get:
Error 5 access denied

I've read that SP1 changes the acl on the 'service control manager' and have run the following command:
sc sdset SCMANAGER D:(A;;CCLCRPRC;;;AU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)
This results in the following error: The ACL structure is invalid
I've also run:
subinacl /service \\mlsspctx01\spooler /GRANT=mlslocal\tpad=F
And get back:
+service \\mlsspctx01\spooler
/GRANT=mlslocal\tpad=F
Elapsed Time: 00 00:00:00
Done:        0, Modified        0, Failed        0, Syntax errors        0

I've made sure that the policy has been refreshed, but still my user get the error 5 message... Can anyone think of what I'm doing wrong?
Thank you for looking.


0
Comment
Question by:Jason Thomas
  • 3
4 Comments
 
LVL 8

Accepted Solution

by:
LKaushal earned 500 total points
ID: 21867463
Check this --> http://support.microsoft.com/default.aspx?scid=kb;en-us;288129 
You can do it through GPO.
0
 
LVL 1

Author Comment

by:Jason Thomas
ID: 21873560
Thank you, however I'm not sure that relates to my problem. We have 2003 servers.

Does anyone else have any ideas?
Thanks.
0
 
LVL 1

Author Comment

by:Jason Thomas
ID: 23535949
I've managed to fix this myself. How do I close this call without issuing points?
0
 
LVL 1

Author Comment

by:Jason Thomas
ID: 23546721
No answer received.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

[b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question