Solved

local system account

Posted on 2014-01-23
6
368 Views
Last Modified: 2014-01-28
I have been asked to grant user "local system" of a server permission to restart a service.

It's not a user account in the security system to edit permissions on.

The service has a service account already tied to it so I'm not sure how another account would be able to manage that account...

This is for a 2008R2 and the service is for a sql instance.

Can anyone lead me down the right path of understanding this?

Thanks
0
Comment
Question by:DB1947
  • 3
  • 2
6 Comments
 
LVL 20

Expert Comment

by:Patrick Bogers
ID: 39804339
Hi

I dont understand the question they have asked you, the LocalSystem account has complete unrestricted access to local resources on the machine.
How would the machine to be able to shutdown SQL after installing Windows Updates and needs a reboot? LocalSystem CAN.
0
 

Author Comment

by:DB1947
ID: 39804390
verbatim minuse names and IP addresses...

I'm at a complete loss.

Can you please grant user ‘local system’ of server SERVERNAME (10.10.10.10), permission to restart app services (e.g. 'serviceone', 'servicetwo').

We do NOT want you to change the service accounts.

We only need for user ‘local system’ of server SERVERNAME (10.10.10.10) to have service account right to the NT Authority \ System on the sql instance.
0
 
LVL 20

Expert Comment

by:Patrick Bogers
ID: 39804438
Ok... something i hate to say, but in my opinion the guys that asked you this have no clue on what they are talking about. So ask them to clarify and confront them with the below statement.

There is nothing on a single box that LocalSystem account can not do and is even more trusted then the local administrator.
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 

Author Comment

by:DB1947
ID: 39804641
I posted it here to see if anyone could add clarity to something that was unclear to everyone here.

I guess we need to dig deeper with the requester
0
 
LVL 11

Accepted Solution

by:
Venugopal N earned 500 total points
ID: 39807181
In our environment we used to get such a kind of request with the service account and the service for which the account need to be allow to stop and start the service.

If this is the request , then on the specified server need to add the user account ( Service account ) as per the below link..

http://www.dscentral.in/2011/10/11/allow-non-admin-control-windows-service/

Check if this the request for in your case.
0
 

Author Closing Comment

by:DB1947
ID: 39815200
This is exactly what we were looking for.  Thank you sir
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question