?
Solved

Grant user permission to start/stop non system service using group policy

Posted on 2008-09-29
1
Medium Priority
?
5,977 Views
Last Modified: 2012-05-05
I want to grant a user permission to start and stop a few third party services on different servers using group policy.
Example:
DOMAIN\USER1 - permission to start/stop:
Service1 on ServerA
Service2 on ServerB

I know I need to run GPMC on the server which have these services installed.  My question is can I use the same GPO to grant these permissions, or would I need a GPO for each server or different service?

I am also investigating using subinacl , but I prefer a GPO.

Thanks!
0
Comment
Question by:DougR73
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 31

Accepted Solution

by:
Henrik Johansson earned 2000 total points
ID: 22601237
No, you don't nead to run GPMC on the server with the services.
Start MMC on the server and add 'security templates'-snapin.
Expand down to the templates in Security Templates -> C:\WINDOWS\security\templates to see what templates are found on the local server. Right-click on the folder-name and choose 'New Template' and enter a name for the template.
Expand the template-name and choose 'System services'.
Double-click on the service you want to configure and tick the checkbox 'Define this policy in the template'. Choose startup mode and click 'Edit security' to add the necessary permissions for the given service.
Do the same thing for other services
When all services are defined, right-click on the template-name and choose 'Save'.

Locate the template-file in %WINDIR%\Security\templates and copy it to a machine where you have GPMC installed.
Create/edit a GPO and expand down to 'Computer Configuration\Windows Settings\Security Settings'
Right-click on 'Security Settings' and choose 'Import Policy'

Link the GPO to the OU with the servers to configure all servers in that OU with the same service configuration.
0

Featured Post

Enroll in August's Course of the Month

August's CompTIA IT Fundamentals course includes 19 hours of basic computer principle modules and prepares you for the certification exam. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

741 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question