Solved

How can I allow a standard user to start and stop a specific service without admin rights in Server 2008?

Posted on 2010-09-07
6
891 Views
Last Modified: 2012-05-10
How can I allow a standard user to start and stop a specific service without admin rights in Server 2008? I Used gpedit to create a group and policies for that group however I can't seem to allow the group to start and stop specific services I went to GPO_name\Computer Configuration\Windows Settings\Security Settings\System Services\ and gave the group accounts permission to read, write, delete, or execute inheritance settings or auditing and ownership permission by clicking Edit Security. But when I login as a user of this group I don't have the option to start or stop these services. I even gave  the individual accounts permission but still no luck. The users of this group are logging into the server remotely via TS could that be the problem? I 'm not sure where to go from here. I did a gpudate /force to make sure my changes took. Any ideas what I might be missing here?
0
Comment
Question by:imij11
  • 3
  • 2
6 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33622687
Here are detailed instructions on giving the user ability.

http://support.microsoft.com/kb/325349
0
 
LVL 12

Expert Comment

by:naykam
ID: 33622797
Powershell?

http://goo.gl/pwkl 
0
 

Author Comment

by:imij11
ID: 33649675
I've read the KB article http://support.microsoft.com/kb/325349 before. I actually used method 1 to try and create the permission. Here are a couple of screenshots of what I have configured. I want the group Choice Software to be able to start and stop a service but not any others. However If I log in as a user of this group I still can't go into services an stop the service. What's missing?
GPservice.JPG
GPservice2.JPG
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33650485
Where are you applying the policy? Run gpresults to see if the policy is applying correctly
0
 

Author Comment

by:imij11
ID: 33685945
The test policy is not getting applied. Here's the gpresult message:

The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Update Services Client Computers Policy
            Filtering:  Denied (Security)

        Windows SBS CSE Policy
            Filtering:  Denied (WMI Filter)
            WMI Filter: Windows SBS Client

        Local Group Policy
            Filtering:  Not Applied (Empty)

        Test GPO
            Filtering:  Denied (Security)
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 250 total points
ID: 33685968
You must have security filtering denying the apply of this GPO to the user you are testing. Check your Permissions\Security on the GPO

http://technet.microsoft.com/en-us/library/cc759506(WS.10).aspx
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question