Solved

Assign limited user account ability to start/stop service

Posted on 2008-10-30
4
1,346 Views
Last Modified: 2013-12-04
Hi Experts.  I have a small batch file that I wrote to stop and start three local services that relate to Websense so that I could backup the config and database files.  Since I will be running this through Task Scheduler, I realized I would have to provide a user account with the ability to stop/start those services.  I would rather not store the local admin username and password in Task Scheduler so the question is, what is the best practice for assigning an account to start and stop this service?  

I wanted to use something like a "services" account that would only be able to control the local services, not anything else.  I wasn't sure how to assign the local service account through Task Scheduler.  Any help would be appreciated.  This is a Windows 2003 server that is not a DC but does belong to an AD domain.

** I did do several google searches and found various SC commands but I wasn't sure how to use them.  Please don't provide just a link.  Make sure you add how to use the command.  Thanks.
0
Comment
Question by:samiam41
  • 3
4 Comments
 
LVL 83

Accepted Solution

by:
oBdA earned 500 total points
ID: 22844494
Simply create a regular local or domain (if network access is required) account, give it the necessary permissions to do whatever else it needs to do (and make sure only adminstrators can change the batch script it's starting).
To allow this account access to the services (which a regular user doesn't have), you can use subinacl.exe (http://www.microsoft.com/downloads/details.aspx?FamilyID=E8BA3E56-D8FE-4A91-93CF-ED6985E3927B&displaylang=en) or a group policy.
Check here for details:
How to grant users rights to manage services in Windows 2000
http://support.microsoft.com/?kbid=288129
0
 
LVL 9

Author Comment

by:samiam41
ID: 22870673
oBdA!  Thanks for the post and info.  I will look through it this afternoon/evening and post any questions I have.  
0
 
LVL 9

Author Comment

by:samiam41
ID: 23079224
Can't believe I left this open.  My apologies friend.

Solution worked as expected.  Great work!
0
 
LVL 9

Author Closing Comment

by:samiam41
ID: 31511631
Always a pleasure to have you solve one of these annoying issues.  Take care and happy holidays!

Best Regards,
Aaron
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now