Solved

Assign limited user account ability to start/stop service

Posted on 2008-10-30
4
1,355 Views
Last Modified: 2013-12-04
Hi Experts.  I have a small batch file that I wrote to stop and start three local services that relate to Websense so that I could backup the config and database files.  Since I will be running this through Task Scheduler, I realized I would have to provide a user account with the ability to stop/start those services.  I would rather not store the local admin username and password in Task Scheduler so the question is, what is the best practice for assigning an account to start and stop this service?  

I wanted to use something like a "services" account that would only be able to control the local services, not anything else.  I wasn't sure how to assign the local service account through Task Scheduler.  Any help would be appreciated.  This is a Windows 2003 server that is not a DC but does belong to an AD domain.

** I did do several google searches and found various SC commands but I wasn't sure how to use them.  Please don't provide just a link.  Make sure you add how to use the command.  Thanks.
0
Comment
Question by:samiam41
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 85

Accepted Solution

by:
oBdA earned 500 total points
ID: 22844494
Simply create a regular local or domain (if network access is required) account, give it the necessary permissions to do whatever else it needs to do (and make sure only adminstrators can change the batch script it's starting).
To allow this account access to the services (which a regular user doesn't have), you can use subinacl.exe (http://www.microsoft.com/downloads/details.aspx?FamilyID=E8BA3E56-D8FE-4A91-93CF-ED6985E3927B&displaylang=en) or a group policy.
Check here for details:
How to grant users rights to manage services in Windows 2000
http://support.microsoft.com/?kbid=288129
0
 
LVL 9

Author Comment

by:samiam41
ID: 22870673
oBdA!  Thanks for the post and info.  I will look through it this afternoon/evening and post any questions I have.  
0
 
LVL 9

Author Comment

by:samiam41
ID: 23079224
Can't believe I left this open.  My apologies friend.

Solution worked as expected.  Great work!
0
 
LVL 9

Author Closing Comment

by:samiam41
ID: 31511631
Always a pleasure to have you solve one of these annoying issues.  Take care and happy holidays!

Best Regards,
Aaron
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question