Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 467
  • Last Modified:

Group Policy - Log On As Service - Service unique to a PC

I am trying to run a number of services on a machine using an account which does not have local admin rights.

The services are not part of the standard Windows Services available in Group Policy for definition, they are for applications only installed on a particular PC.

I have tried using a User and a Computer based policy to provide Log On As Service permissions to the user account in question, but this doesn't work.

The account has full control over the install directories these services run from/write logs to.

Can anyone suggest anything?

Thanks in advance.
0
csnmeexchange
Asked:
csnmeexchange
2 Solutions
 
ashutoshsapreCommented:
Instead you can use the Security Configuration and Analysis snapin to configure the service and assign rights to the Local Account so that you can use that account to start/stop service.
Use the following steps:
1).Open mmc and add the Security Configuration and Analysis snapin.
2).Follow the instruction on the right window pane to create a new database.
3).Select setup security.inf for template and then click on Open.
4).Right click on Security Configuration and Analysis and select Analyze Computer Now
5).After the analysis is done go to System Services and locate the service on which you need to have the local account rights to start/stop
6).Double click on the service and then click on View Security button.
7).Add the user account and give the Start, stop and pause rights to the account.
8).After you finish adding the user permissions on all the desired services, right click on Security Configuration and Analysis and then select Configure Computer Now
9).After this is done, restart the computer.
0
 
Leon FesterIT Project Change ManagerCommented:
Use subinacl to change permissions on the service.

Tutorial
http://ss64.com/nt/subinacl.html

Download
http://www.microsoft.com/downloads/en/details.aspx?familyid=e8ba3e56-d8fe-4a91-93cf-
ed6985e3927b&displaylang=en

You can just add the completed command line as a script to your logon script or deployed via GPO.
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now