Solved

How can I allow a standard user to start and stop a specific service without admin rights in Server 2008?

Posted on 2010-09-07
6
894 Views
Last Modified: 2012-05-10
How can I allow a standard user to start and stop a specific service without admin rights in Server 2008? I Used gpedit to create a group and policies for that group however I can't seem to allow the group to start and stop specific services I went to GPO_name\Computer Configuration\Windows Settings\Security Settings\System Services\ and gave the group accounts permission to read, write, delete, or execute inheritance settings or auditing and ownership permission by clicking Edit Security. But when I login as a user of this group I don't have the option to start or stop these services. I even gave  the individual accounts permission but still no luck. The users of this group are logging into the server remotely via TS could that be the problem? I 'm not sure where to go from here. I did a gpudate /force to make sure my changes took. Any ideas what I might be missing here?
0
Comment
Question by:imij11
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33622687
Here are detailed instructions on giving the user ability.

http://support.microsoft.com/kb/325349
0
 
LVL 12

Expert Comment

by:naykam
ID: 33622797
Powershell?

http://goo.gl/pwkl 
0
 

Author Comment

by:imij11
ID: 33649675
I've read the KB article http://support.microsoft.com/kb/325349 before. I actually used method 1 to try and create the permission. Here are a couple of screenshots of what I have configured. I want the group Choice Software to be able to start and stop a service but not any others. However If I log in as a user of this group I still can't go into services an stop the service. What's missing?
GPservice.JPG
GPservice2.JPG
0
Backup Solution for AWS

Read about how CloudBerry Backup fully integrates your backups with Amazon S3 and Amazon Glacier to provide military-grade encryption and dramatically cut storage costs on any platform.

 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33650485
Where are you applying the policy? Run gpresults to see if the policy is applying correctly
0
 

Author Comment

by:imij11
ID: 33685945
The test policy is not getting applied. Here's the gpresult message:

The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Update Services Client Computers Policy
            Filtering:  Denied (Security)

        Windows SBS CSE Policy
            Filtering:  Denied (WMI Filter)
            WMI Filter: Windows SBS Client

        Local Group Policy
            Filtering:  Not Applied (Empty)

        Test GPO
            Filtering:  Denied (Security)
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 250 total points
ID: 33685968
You must have security filtering denying the apply of this GPO to the user you are testing. Check your Permissions\Security on the GPO

http://technet.microsoft.com/en-us/library/cc759506(WS.10).aspx
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question