Solved

Assign limited user account ability to start/stop service

Posted on 2008-10-30
4
1,343 Views
Last Modified: 2013-12-04
Hi Experts.  I have a small batch file that I wrote to stop and start three local services that relate to Websense so that I could backup the config and database files.  Since I will be running this through Task Scheduler, I realized I would have to provide a user account with the ability to stop/start those services.  I would rather not store the local admin username and password in Task Scheduler so the question is, what is the best practice for assigning an account to start and stop this service?  

I wanted to use something like a "services" account that would only be able to control the local services, not anything else.  I wasn't sure how to assign the local service account through Task Scheduler.  Any help would be appreciated.  This is a Windows 2003 server that is not a DC but does belong to an AD domain.

** I did do several google searches and found various SC commands but I wasn't sure how to use them.  Please don't provide just a link.  Make sure you add how to use the command.  Thanks.
0
Comment
Question by:samiam41
  • 3
4 Comments
 
LVL 83

Accepted Solution

by:
oBdA earned 500 total points
ID: 22844494
Simply create a regular local or domain (if network access is required) account, give it the necessary permissions to do whatever else it needs to do (and make sure only adminstrators can change the batch script it's starting).
To allow this account access to the services (which a regular user doesn't have), you can use subinacl.exe (http://www.microsoft.com/downloads/details.aspx?FamilyID=E8BA3E56-D8FE-4A91-93CF-ED6985E3927B&displaylang=en) or a group policy.
Check here for details:
How to grant users rights to manage services in Windows 2000
http://support.microsoft.com/?kbid=288129
0
 
LVL 9

Author Comment

by:samiam41
ID: 22870673
oBdA!  Thanks for the post and info.  I will look through it this afternoon/evening and post any questions I have.  
0
 
LVL 9

Author Comment

by:samiam41
ID: 23079224
Can't believe I left this open.  My apologies friend.

Solution worked as expected.  Great work!
0
 
LVL 9

Author Closing Comment

by:samiam41
ID: 31511631
Always a pleasure to have you solve one of these annoying issues.  Take care and happy holidays!

Best Regards,
Aaron
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now