• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 899
  • Last Modified:

How can I allow a standard user to start and stop a specific service without admin rights in Server 2008?

How can I allow a standard user to start and stop a specific service without admin rights in Server 2008? I Used gpedit to create a group and policies for that group however I can't seem to allow the group to start and stop specific services I went to GPO_name\Computer Configuration\Windows Settings\Security Settings\System Services\ and gave the group accounts permission to read, write, delete, or execute inheritance settings or auditing and ownership permission by clicking Edit Security. But when I login as a user of this group I don't have the option to start or stop these services. I even gave  the individual accounts permission but still no luck. The users of this group are logging into the server remotely via TS could that be the problem? I 'm not sure where to go from here. I did a gpudate /force to make sure my changes took. Any ideas what I might be missing here?
0
imij11
Asked:
imij11
  • 3
  • 2
1 Solution
 
Darius GhassemCommented:
Here are detailed instructions on giving the user ability.

http://support.microsoft.com/kb/325349
0
 
naykamCommented:
Powershell?

http://goo.gl/pwkl 
0
 
imij11Author Commented:
I've read the KB article http://support.microsoft.com/kb/325349 before. I actually used method 1 to try and create the permission. Here are a couple of screenshots of what I have configured. I want the group Choice Software to be able to start and stop a service but not any others. However If I log in as a user of this group I still can't go into services an stop the service. What's missing?
GPservice.JPG
GPservice2.JPG
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
Darius GhassemCommented:
Where are you applying the policy? Run gpresults to see if the policy is applying correctly
0
 
imij11Author Commented:
The test policy is not getting applied. Here's the gpresult message:

The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Update Services Client Computers Policy
            Filtering:  Denied (Security)

        Windows SBS CSE Policy
            Filtering:  Denied (WMI Filter)
            WMI Filter: Windows SBS Client

        Local Group Policy
            Filtering:  Not Applied (Empty)

        Test GPO
            Filtering:  Denied (Security)
0
 
Darius GhassemCommented:
You must have security filtering denying the apply of this GPO to the user you are testing. Check your Permissions\Security on the GPO

http://technet.microsoft.com/en-us/library/cc759506(WS.10).aspx
0

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now