Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Permissions required to restart the print spooler service?

Posted on 2008-06-25
4
Medium Priority
?
877 Views
Last Modified: 2011-08-18
Hello,
We have a 2003 Active Directory domain with 20 2003 SP1 servers. We have a help desk team that i need to grant access to restart the print spooler across the servers.
We only have one policy - I've edited this to allow the group acess to restart the spooler service.
I've then created a task pad displaying the service for each server.
When a memeber of the helpdesk team attempts to stop the service they get:
Error 5 access denied

I've read that SP1 changes the acl on the 'service control manager' and have run the following command:
sc sdset SCMANAGER D:(A;;CCLCRPRC;;;AU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)
This results in the following error: The ACL structure is invalid
I've also run:
subinacl /service \\mlsspctx01\spooler /GRANT=mlslocal\tpad=F
And get back:
+service \\mlsspctx01\spooler
/GRANT=mlslocal\tpad=F
Elapsed Time: 00 00:00:00
Done:        0, Modified        0, Failed        0, Syntax errors        0

I've made sure that the policy has been refreshed, but still my user get the error 5 message... Can anyone think of what I'm doing wrong?
Thank you for looking.


0
Comment
Question by:Jason Thomas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 8

Accepted Solution

by:
LKaushal earned 1500 total points
ID: 21867463
Check this --> http://support.microsoft.com/default.aspx?scid=kb;en-us;288129 
You can do it through GPO.
0
 
LVL 1

Author Comment

by:Jason Thomas
ID: 21873560
Thank you, however I'm not sure that relates to my problem. We have 2003 servers.

Does anyone else have any ideas?
Thanks.
0
 
LVL 1

Author Comment

by:Jason Thomas
ID: 23535949
I've managed to fix this myself. How do I close this call without issuing points?
0
 
LVL 1

Author Comment

by:Jason Thomas
ID: 23546721
No answer received.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question