Remote Windows Service Restart Question

Posted on 2011-04-19
Medium Priority
Last Modified: 2012-05-11

Could a regular domain user connect to a remote Windows workstation (no firewall, etc... enabled) via My Computer/Administer/Connect to a remote Windows/ Go to Services and turn off, tun on or restart a service?

The user is just regular domain user member with any additional rights on the remote workstation.

Thank you.
Question by:llarava

Expert Comment

ID: 35429275
LVL 12

Accepted Solution

serchlop earned 2000 total points
ID: 35429316
What worked for me was use a tool called runasspc, this tool is free and it allow you to run a program as another user. But not like runas of windows, because you have to pass username and know the password. This tool allow you to create a encrypted file that contain the information of the program to run, the username that will run the task and the password. this information is encrypted and is not bisible for the user. You can create a bat or a shortcut to run this task from the user computer and he only has to run it.

You can download the tool from http://www.robotronic.de/runasspcEn.html

Here is the command I use with this tool.

runasspc /program:"c:\windows\system32\sc.exe" /domain:"mydomain" /user:"otheradministrator" /password:"password" /param:"\\server-ip start servicename" /cryptfile:"c:\crypt1.spc"

And to set the bat or the shortcut

runasspc /cryptfile:"c:\crypt1.spc"
LVL 47

Expert Comment

by:Donald Stewart
ID: 35429343
LVL 26

Expert Comment

by:Leon Fester
ID: 35431020
Typically the answer is NO,
However, if the domain users as defined as an Administrator on that machine then yes, the person would be able to stop/start services through the Computer Management console.
LVL 85

Expert Comment

ID: 35431629
The user does not need to be an administrator on the target machine. Since this is a domain, it's very easy to change permissions for a service using group policy:
How To Configure Group Policies to Set Security for System Services in Windows Server 2003
Some hints:
* If this is a special service that's not available on the machine you're using to edit the GPO, you can install the GPMC on machine with this service installed and configure the GPO from there.
* Don't give permissions for the service in question to a user account. Add a group ("Service-Management-<Servicename>" or whatever), and add the user to this group.

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article we will discuss all things related to StageFright bug, the most vulnerable bug of android devices.
Windows 10 is here and for most admins this means frustration and challenges getting that first working Windows 10 image. As in my previous sysprep articles, I've put together a simple help guide to get you through this process. The aim is to achiev…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question