Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Windows Server 2012 R2 Local Policy Editor is missing System Services?

Posted on 2016-10-25
4
Medium Priority
?
119 Views
Last Modified: 2016-11-20
I'm trying to give privileges to a couple of users so that they can start/stop/restart services on a Windows 2012 R2 Server who is a member of a domain. The server is not a DC but has Terminal Services installed on it.
As fast as I understand you could use Group Policies to give them this right before, but in this OS there is no such path (Computer Configuration/Windows Settings/Security Settings/System Services).
And as it's not a DC I can't use the approach of using a new Organisational Unit (since I can't see the Services on the server in question from the DC server)...

Anyone with ideas or experiences of this?
0
Comment
Question by:MicaelO
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 85

Accepted Solution

by:
oBdA earned 2000 total points (awarded by participants)
ID: 41858852
You never could do that with the local policy editor. This was only ever available in the domain group policy management.
For a single server, you can do that with subinacl.exe (you don't need to actually install it, all you need is the .exe which you can extract from the msi, for example with 7-Zip).
And do not assign the right to users. Create a local or domain local group, "Service_Restart_Whatever", and assign the required rights to this group. Then add the user(s) in question to this group, or (better) a global group containing these users.
Note: the service name is the short name (under "Service Name" in the service properties), not the Display Name.
Example:
subinacl.exe /Service "Whatever" /grant="SomeDomain\Service_Restart_Whatever"=TOP

Open in new window

Still works on W2k12R2.
 
How to grant users rights to manage services in Windows Server 2003
https://support.microsoft.com/en-us/kb/325349

SubInACL (SubInACL.exe)
https://www.microsoft.com/en-us/download/details.aspx?id=23510
1
 

Author Comment

by:MicaelO
ID: 41859438
Thanks oBdA!

I'll try this! :)

Maybe I have misunderstood it but I found this article and was referring to method 1 in it when I referred to doing it locally: http://social.technet.microsoft.com/wiki/contents/articles/5752.how-to-grant-users-rights-to-manage-services-start-stop-etc.aspx
0
 
LVL 85

Expert Comment

by:oBdA
ID: 41859759
I'm not sure what they mean with "(applies to local users)", but "Open the Group Policy Object (GPO) that contains the computers that need the users to be able to control services." indicates that this is about a domain controlled GPO as well,
The second method just seems to be the same as the first one, only with screen shots and creating a new OU and GPO instead of editing an existing one.
0
 
LVL 85

Expert Comment

by:oBdA
ID: 41894647
Question answered.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Every now and then, Microsoft does something that totally impresses me. It doesn't happen often, but in this case I must say I am thoroughly impressed with Windows Server Backup. One of the long time issues with Windows Backup has been the ability t…
I don't know if many of you have made the great mistake of using the Cisco Thin Client model with the management software VXC. If you have then you are probably more then familiar with the incredibly clunky interface, the numerous work arounds, and …
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question