DB1947
asked on
local system account
I have been asked to grant user "local system" of a server permission to restart a service.
It's not a user account in the security system to edit permissions on.
The service has a service account already tied to it so I'm not sure how another account would be able to manage that account...
This is for a 2008R2 and the service is for a sql instance.
Can anyone lead me down the right path of understanding this?
Thanks
It's not a user account in the security system to edit permissions on.
The service has a service account already tied to it so I'm not sure how another account would be able to manage that account...
This is for a 2008R2 and the service is for a sql instance.
Can anyone lead me down the right path of understanding this?
Thanks
ASKER
verbatim minuse names and IP addresses...
I'm at a complete loss.
Can you please grant user ‘local system’ of server SERVERNAME (10.10.10.10), permission to restart app services (e.g. 'serviceone', 'servicetwo').
We do NOT want you to change the service accounts.
We only need for user ‘local system’ of server SERVERNAME (10.10.10.10) to have service account right to the NT Authority \ System on the sql instance.
I'm at a complete loss.
Can you please grant user ‘local system’ of server SERVERNAME (10.10.10.10), permission to restart app services (e.g. 'serviceone', 'servicetwo').
We do NOT want you to change the service accounts.
We only need for user ‘local system’ of server SERVERNAME (10.10.10.10) to have service account right to the NT Authority \ System on the sql instance.
Ok... something i hate to say, but in my opinion the guys that asked you this have no clue on what they are talking about. So ask them to clarify and confront them with the below statement.
There is nothing on a single box that LocalSystem account can not do and is even more trusted then the local administrator.
There is nothing on a single box that LocalSystem account can not do and is even more trusted then the local administrator.
ASKER
I posted it here to see if anyone could add clarity to something that was unclear to everyone here.
I guess we need to dig deeper with the requester
I guess we need to dig deeper with the requester
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
This is exactly what we were looking for. Thank you sir
I dont understand the question they have asked you, the LocalSystem account has complete unrestricted access to local resources on the machine.
How would the machine to be able to shutdown SQL after installing Windows Updates and needs a reboot? LocalSystem CAN.