Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 380
  • Last Modified:

local system account

I have been asked to grant user "local system" of a server permission to restart a service.

It's not a user account in the security system to edit permissions on.

The service has a service account already tied to it so I'm not sure how another account would be able to manage that account...

This is for a 2008R2 and the service is for a sql instance.

Can anyone lead me down the right path of understanding this?

Thanks
0
DB1947
Asked:
DB1947
  • 3
  • 2
1 Solution
 
Patrick BogersDatacenter platform engineer LindowsCommented:
Hi

I dont understand the question they have asked you, the LocalSystem account has complete unrestricted access to local resources on the machine.
How would the machine to be able to shutdown SQL after installing Windows Updates and needs a reboot? LocalSystem CAN.
0
 
DB1947Author Commented:
verbatim minuse names and IP addresses...

I'm at a complete loss.

Can you please grant user ‘local system’ of server SERVERNAME (10.10.10.10), permission to restart app services (e.g. 'serviceone', 'servicetwo').

We do NOT want you to change the service accounts.

We only need for user ‘local system’ of server SERVERNAME (10.10.10.10) to have service account right to the NT Authority \ System on the sql instance.
0
 
Patrick BogersDatacenter platform engineer LindowsCommented:
Ok... something i hate to say, but in my opinion the guys that asked you this have no clue on what they are talking about. So ask them to clarify and confront them with the below statement.

There is nothing on a single box that LocalSystem account can not do and is even more trusted then the local administrator.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
DB1947Author Commented:
I posted it here to see if anyone could add clarity to something that was unclear to everyone here.

I guess we need to dig deeper with the requester
0
 
Venugopal NCommented:
In our environment we used to get such a kind of request with the service account and the service for which the account need to be allow to stop and start the service.

If this is the request , then on the specified server need to add the user account ( Service account ) as per the below link..

http://www.dscentral.in/2011/10/11/allow-non-admin-control-windows-service/

Check if this the request for in your case.
0
 
DB1947Author Commented:
This is exactly what we were looking for.  Thank you sir
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now