Solved

Grant user permission to start/stop non system service using group policy

Posted on 2008-09-29
1
5,828 Views
Last Modified: 2012-05-05
I want to grant a user permission to start and stop a few third party services on different servers using group policy.
Example:
DOMAIN\USER1 - permission to start/stop:
Service1 on ServerA
Service2 on ServerB

I know I need to run GPMC on the server which have these services installed.  My question is can I use the same GPO to grant these permissions, or would I need a GPO for each server or different service?

I am also investigating using subinacl , but I prefer a GPO.

Thanks!
0
Comment
Question by:DougR73
1 Comment
 
LVL 31

Accepted Solution

by:
Henrik Johansson earned 500 total points
ID: 22601237
No, you don't nead to run GPMC on the server with the services.
Start MMC on the server and add 'security templates'-snapin.
Expand down to the templates in Security Templates -> C:\WINDOWS\security\templates to see what templates are found on the local server. Right-click on the folder-name and choose 'New Template' and enter a name for the template.
Expand the template-name and choose 'System services'.
Double-click on the service you want to configure and tick the checkbox 'Define this policy in the template'. Choose startup mode and click 'Edit security' to add the necessary permissions for the given service.
Do the same thing for other services
When all services are defined, right-click on the template-name and choose 'Save'.

Locate the template-file in %WINDIR%\Security\templates and copy it to a machine where you have GPMC installed.
Create/edit a GPO and expand down to 'Computer Configuration\Windows Settings\Security Settings'
Right-click on 'Security Settings' and choose 'Import Policy'

Link the GPO to the OU with the servers to configure all servers in that OU with the same service configuration.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question