Solved

local system account

Posted on 2014-01-23
6
370 Views
Last Modified: 2014-01-28
I have been asked to grant user "local system" of a server permission to restart a service.

It's not a user account in the security system to edit permissions on.

The service has a service account already tied to it so I'm not sure how another account would be able to manage that account...

This is for a 2008R2 and the service is for a sql instance.

Can anyone lead me down the right path of understanding this?

Thanks
0
Comment
Question by:DB1947
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 39804339
Hi

I dont understand the question they have asked you, the LocalSystem account has complete unrestricted access to local resources on the machine.
How would the machine to be able to shutdown SQL after installing Windows Updates and needs a reboot? LocalSystem CAN.
0
 

Author Comment

by:DB1947
ID: 39804390
verbatim minuse names and IP addresses...

I'm at a complete loss.

Can you please grant user ‘local system’ of server SERVERNAME (10.10.10.10), permission to restart app services (e.g. 'serviceone', 'servicetwo').

We do NOT want you to change the service accounts.

We only need for user ‘local system’ of server SERVERNAME (10.10.10.10) to have service account right to the NT Authority \ System on the sql instance.
0
 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 39804438
Ok... something i hate to say, but in my opinion the guys that asked you this have no clue on what they are talking about. So ask them to clarify and confront them with the below statement.

There is nothing on a single box that LocalSystem account can not do and is even more trusted then the local administrator.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:DB1947
ID: 39804641
I posted it here to see if anyone could add clarity to something that was unclear to everyone here.

I guess we need to dig deeper with the requester
0
 
LVL 11

Accepted Solution

by:
Venugopal N earned 500 total points
ID: 39807181
In our environment we used to get such a kind of request with the service account and the service for which the account need to be allow to stop and start the service.

If this is the request , then on the specified server need to add the user account ( Service account ) as per the below link..

http://www.dscentral.in/2011/10/11/allow-non-admin-control-windows-service/

Check if this the request for in your case.
0
 

Author Closing Comment

by:DB1947
ID: 39815200
This is exactly what we were looking for.  Thank you sir
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question