Remote Windows Service Restart Question

Posted on 2011-04-19
Last Modified: 2012-05-11

Could a regular domain user connect to a remote Windows workstation (no firewall, etc... enabled) via My Computer/Administer/Connect to a remote Windows/ Go to Services and turn off, tun on or restart a service?

The user is just regular domain user member with any additional rights on the remote workstation.

Thank you.
Question by:llarava
    LVL 6

    Expert Comment

    LVL 12

    Accepted Solution

    What worked for me was use a tool called runasspc, this tool is free and it allow you to run a program as another user. But not like runas of windows, because you have to pass username and know the password. This tool allow you to create a encrypted file that contain the information of the program to run, the username that will run the task and the password. this information is encrypted and is not bisible for the user. You can create a bat or a shortcut to run this task from the user computer and he only has to run it.

    You can download the tool from

    Here is the command I use with this tool.

    runasspc /program:"c:\windows\system32\sc.exe" /domain:"mydomain" /user:"otheradministrator" /password:"password" /param:"\\server-ip start servicename" /cryptfile:"c:\crypt1.spc"

    And to set the bat or the shortcut

    runasspc /cryptfile:"c:\crypt1.spc"
    LVL 47

    Expert Comment

    LVL 26

    Expert Comment

    by:Leon Fester
    Typically the answer is NO,
    However, if the domain users as defined as an Administrator on that machine then yes, the person would be able to stop/start services through the Computer Management console.
    LVL 82

    Expert Comment

    The user does not need to be an administrator on the target machine. Since this is a domain, it's very easy to change permissions for a service using group policy:
    How To Configure Group Policies to Set Security for System Services in Windows Server 2003
    Some hints:
    * If this is a special service that's not available on the machine you're using to edit the GPO, you can install the GPMC on machine with this service installed and configure the GPO from there.
    * Don't give permissions for the service in question to a user account. Add a group ("Service-Management-<Servicename>" or whatever), and add the user to this group.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Maximize Your Threat Intelligence Reporting

    Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

    Have you ever had a hard drive that you can't boot into, but need to change the registry? Here is the solution! This article guides you through accessing and editing a registry of a non-primary drive. To read registry information on a non-prim…
    #Citrix #POC #XenDesktop #vCenter #VMware #ESX
    Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
    In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now