Windows Server 2012 R2 Local Policy Editor is missing System Services?

I'm trying to give privileges to a couple of users so that they can start/stop/restart services on a Windows 2012 R2 Server who is a member of a domain. The server is not a DC but has Terminal Services installed on it.
As fast as I understand you could use Group Policies to give them this right before, but in this OS there is no such path (Computer Configuration/Windows Settings/Security Settings/System Services).
And as it's not a DC I can't use the approach of using a new Organisational Unit (since I can't see the Services on the server in question from the DC server)...

Anyone with ideas or experiences of this?
Micael OlssonTechieAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

oBdACommented:
You never could do that with the local policy editor. This was only ever available in the domain group policy management.
For a single server, you can do that with subinacl.exe (you don't need to actually install it, all you need is the .exe which you can extract from the msi, for example with 7-Zip).
And do not assign the right to users. Create a local or domain local group, "Service_Restart_Whatever", and assign the required rights to this group. Then add the user(s) in question to this group, or (better) a global group containing these users.
Note: the service name is the short name (under "Service Name" in the service properties), not the Display Name.
Example:
subinacl.exe /Service "Whatever" /grant="SomeDomain\Service_Restart_Whatever"=TOP

Open in new window

Still works on W2k12R2.
 
How to grant users rights to manage services in Windows Server 2003
https://support.microsoft.com/en-us/kb/325349

SubInACL (SubInACL.exe)
https://www.microsoft.com/en-us/download/details.aspx?id=23510
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Micael OlssonTechieAuthor Commented:
Thanks oBdA!

I'll try this! :)

Maybe I have misunderstood it but I found this article and was referring to method 1 in it when I referred to doing it locally: http://social.technet.microsoft.com/wiki/contents/articles/5752.how-to-grant-users-rights-to-manage-services-start-stop-etc.aspx
0
oBdACommented:
I'm not sure what they mean with "(applies to local users)", but "Open the Group Policy Object (GPO) that contains the computers that need the users to be able to control services." indicates that this is about a domain controlled GPO as well,
The second method just seems to be the same as the first one, only with screen shots and creating a new OU and GPO instead of editing an existing one.
0
oBdACommented:
Question answered.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.