Solved

Unable to stop fax service on SBS2003 (Permissions problem)

Posted on 2010-09-13
3
655 Views
Last Modified: 2013-12-04
I'm currently setting up a domain user with slightly less rights than a domain admin but enough to perform daily administration.

It was all going well until I discovered that this new user isnt able to stop the Fax Service (occasionally needs restarting). I can't think of how to grant access to do this and preferably without giving it access to stop/start/restart all services.

I'm probably going about this all wrong bacause this user is now practically everything but a domain admin.

Currently a member of:
Domain Power Users
Domain Users
Fax Operators
Remote Desktop Users
Remote Web Workplace Users
Server Operators
+(Anti-virus and WSUS groups)

Luckily i've started setting this up a good 2 weeks before i go on holiday so i have time to get it sorted.

Thanks in advance
0
Comment
Question by:CaTFiNcH
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 84

Accepted Solution

by:
oBdA earned 250 total points
ID: 33664765
You have several possibilities to delegate permissions to manage services.
I'd suggest to create a dedicated domain local group like "DL-Svc_FaxService" or whatever, give permissions to this group, and then add the user(s) or a global group with the user(s) to this group. Do NOT assign permissions directly to any resources unless there is a really good reason to do so.
How to grant users rights to manage services in Windows 2000
http://support.microsoft.com/kb/288129

If the user will be controlling the service(s) from a remote machine (which is likely, I guess), you need to change the permissions of the SCM as well, otherwise there won't be access to control any service at all:
Non-administrators cannot remotely access the Service Control Manager after you install Windows Server 2003 Service Pack 1
http://support.microsoft.com/kb/907460
0
 

Author Comment

by:CaTFiNcH
ID: 33664946
Thanks for the response oBdA, from briefly looking at that solution it seems quite invasive, but i'm more than willing to have a play in the test enviroment. I should get a chance to try this a work tomorrow and post back.
0
 
LVL 84

Assisted Solution

by:oBdA
oBdA earned 250 total points
ID: 33665002
You can try the service permission delegation on any machine for testing; it doesn't have to be the DC.
The advantage to setting permissions with a GPO is that you can see where the permissions are coming from even afterwards; but in case you want to do it from the command line using subinacl.exe, and you have the W2k3 ResKit installed already, do NOT use this version (v4.x.), it's buggy and doesn't do anything. The corrected version is here: http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
OfficeMate Freezes on login or does not load after login credentials are input.
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question