Link to home
Start Free TrialLog in
Avatar of imij11
imij11Flag for United States of America

asked on

How can I allow a standard user to start and stop a specific service without admin rights in Server 2008?

How can I allow a standard user to start and stop a specific service without admin rights in Server 2008? I Used gpedit to create a group and policies for that group however I can't seem to allow the group to start and stop specific services I went to GPO_name\Computer Configuration\Windows Settings\Security Settings\System Services\ and gave the group accounts permission to read, write, delete, or execute inheritance settings or auditing and ownership permission by clicking Edit Security. But when I login as a user of this group I don't have the option to start or stop these services. I even gave  the individual accounts permission but still no luck. The users of this group are logging into the server remotely via TS could that be the problem? I 'm not sure where to go from here. I did a gpudate /force to make sure my changes took. Any ideas what I might be missing here?
Avatar of Darius Ghassem
Darius Ghassem
Flag of United States of America image

Here are detailed instructions on giving the user ability.

http://support.microsoft.com/kb/325349
Powershell?

http://goo.gl/pwkl 
Avatar of imij11

ASKER

I've read the KB article http://support.microsoft.com/kb/325349 before. I actually used method 1 to try and create the permission. Here are a couple of screenshots of what I have configured. I want the group Choice Software to be able to start and stop a service but not any others. However If I log in as a user of this group I still can't go into services an stop the service. What's missing?
GPservice.JPG
GPservice2.JPG
Where are you applying the policy? Run gpresults to see if the policy is applying correctly
Avatar of imij11

ASKER

The test policy is not getting applied. Here's the gpresult message:

The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Update Services Client Computers Policy
            Filtering:  Denied (Security)

        Windows SBS CSE Policy
            Filtering:  Denied (WMI Filter)
            WMI Filter: Windows SBS Client

        Local Group Policy
            Filtering:  Not Applied (Empty)

        Test GPO
            Filtering:  Denied (Security)
ASKER CERTIFIED SOLUTION
Avatar of Darius Ghassem
Darius Ghassem
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial