• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 385
  • Last Modified:

local system account

I have been asked to grant user "local system" of a server permission to restart a service.

It's not a user account in the security system to edit permissions on.

The service has a service account already tied to it so I'm not sure how another account would be able to manage that account...

This is for a 2008R2 and the service is for a sql instance.

Can anyone lead me down the right path of understanding this?

Thanks
0
DB1947
Asked:
DB1947
  • 3
  • 2
1 Solution
 
Patrick BogersDatacenter platform engineer LindowsCommented:
Hi

I dont understand the question they have asked you, the LocalSystem account has complete unrestricted access to local resources on the machine.
How would the machine to be able to shutdown SQL after installing Windows Updates and needs a reboot? LocalSystem CAN.
0
 
DB1947Author Commented:
verbatim minuse names and IP addresses...

I'm at a complete loss.

Can you please grant user ‘local system’ of server SERVERNAME (10.10.10.10), permission to restart app services (e.g. 'serviceone', 'servicetwo').

We do NOT want you to change the service accounts.

We only need for user ‘local system’ of server SERVERNAME (10.10.10.10) to have service account right to the NT Authority \ System on the sql instance.
0
 
Patrick BogersDatacenter platform engineer LindowsCommented:
Ok... something i hate to say, but in my opinion the guys that asked you this have no clue on what they are talking about. So ask them to clarify and confront them with the below statement.

There is nothing on a single box that LocalSystem account can not do and is even more trusted then the local administrator.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
DB1947Author Commented:
I posted it here to see if anyone could add clarity to something that was unclear to everyone here.

I guess we need to dig deeper with the requester
0
 
Venugopal NCommented:
In our environment we used to get such a kind of request with the service account and the service for which the account need to be allow to stop and start the service.

If this is the request , then on the specified server need to add the user account ( Service account ) as per the below link..

http://www.dscentral.in/2011/10/11/allow-non-admin-control-windows-service/

Check if this the request for in your case.
0
 
DB1947Author Commented:
This is exactly what we were looking for.  Thank you sir
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now