Solved

How can I allow a standard user to start and stop a specific service without admin rights in Server 2008?

Posted on 2010-09-07
6
889 Views
Last Modified: 2012-05-10
How can I allow a standard user to start and stop a specific service without admin rights in Server 2008? I Used gpedit to create a group and policies for that group however I can't seem to allow the group to start and stop specific services I went to GPO_name\Computer Configuration\Windows Settings\Security Settings\System Services\ and gave the group accounts permission to read, write, delete, or execute inheritance settings or auditing and ownership permission by clicking Edit Security. But when I login as a user of this group I don't have the option to start or stop these services. I even gave  the individual accounts permission but still no luck. The users of this group are logging into the server remotely via TS could that be the problem? I 'm not sure where to go from here. I did a gpudate /force to make sure my changes took. Any ideas what I might be missing here?
0
Comment
Question by:imij11
  • 3
  • 2
6 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
Comment Utility
Here are detailed instructions on giving the user ability.

http://support.microsoft.com/kb/325349
0
 
LVL 12

Expert Comment

by:naykam
Comment Utility
Powershell?

http://goo.gl/pwkl
0
 

Author Comment

by:imij11
Comment Utility
I've read the KB article http://support.microsoft.com/kb/325349 before. I actually used method 1 to try and create the permission. Here are a couple of screenshots of what I have configured. I want the group Choice Software to be able to start and stop a service but not any others. However If I log in as a user of this group I still can't go into services an stop the service. What's missing?
GPservice.JPG
GPservice2.JPG
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 59

Expert Comment

by:Darius Ghassem
Comment Utility
Where are you applying the policy? Run gpresults to see if the policy is applying correctly
0
 

Author Comment

by:imij11
Comment Utility
The test policy is not getting applied. Here's the gpresult message:

The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Update Services Client Computers Policy
            Filtering:  Denied (Security)

        Windows SBS CSE Policy
            Filtering:  Denied (WMI Filter)
            WMI Filter: Windows SBS Client

        Local Group Policy
            Filtering:  Not Applied (Empty)

        Test GPO
            Filtering:  Denied (Security)
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 250 total points
Comment Utility
You must have security filtering denying the apply of this GPO to the user you are testing. Check your Permissions\Security on the GPO

http://technet.microsoft.com/en-us/library/cc759506(WS.10).aspx
0

Featured Post

Too many email signature changes to deal with?

Are you constantly being asked to update your organization's email signatures? Do they take up too much of your time? Wouldn't you love to be able to manage all signatures from one central location, easily design them and deploy them quickly to users. Well, you can!

Join & Write a Comment

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now