Solved

Windows Server 2012 R2 Local Policy Editor is missing System Services?

Posted on 2016-10-25
4
61 Views
Last Modified: 2016-11-20
I'm trying to give privileges to a couple of users so that they can start/stop/restart services on a Windows 2012 R2 Server who is a member of a domain. The server is not a DC but has Terminal Services installed on it.
As fast as I understand you could use Group Policies to give them this right before, but in this OS there is no such path (Computer Configuration/Windows Settings/Security Settings/System Services).
And as it's not a DC I can't use the approach of using a new Organisational Unit (since I can't see the Services on the server in question from the DC server)...

Anyone with ideas or experiences of this?
0
Comment
Question by:MicaelO
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 85

Accepted Solution

by:
oBdA earned 500 total points (awarded by participants)
ID: 41858852
You never could do that with the local policy editor. This was only ever available in the domain group policy management.
For a single server, you can do that with subinacl.exe (you don't need to actually install it, all you need is the .exe which you can extract from the msi, for example with 7-Zip).
And do not assign the right to users. Create a local or domain local group, "Service_Restart_Whatever", and assign the required rights to this group. Then add the user(s) in question to this group, or (better) a global group containing these users.
Note: the service name is the short name (under "Service Name" in the service properties), not the Display Name.
Example:
subinacl.exe /Service "Whatever" /grant="SomeDomain\Service_Restart_Whatever"=TOP

Open in new window

Still works on W2k12R2.
 
How to grant users rights to manage services in Windows Server 2003
https://support.microsoft.com/en-us/kb/325349

SubInACL (SubInACL.exe)
https://www.microsoft.com/en-us/download/details.aspx?id=23510
1
 

Author Comment

by:MicaelO
ID: 41859438
Thanks oBdA!

I'll try this! :)

Maybe I have misunderstood it but I found this article and was referring to method 1 in it when I referred to doing it locally: http://social.technet.microsoft.com/wiki/contents/articles/5752.how-to-grant-users-rights-to-manage-services-start-stop-etc.aspx
0
 
LVL 85

Expert Comment

by:oBdA
ID: 41859759
I'm not sure what they mean with "(applies to local users)", but "Open the Group Policy Object (GPO) that contains the computers that need the users to be able to control services." indicates that this is about a domain controlled GPO as well,
The second method just seems to be the same as the first one, only with screen shots and creating a new OU and GPO instead of editing an existing one.
0
 
LVL 85

Expert Comment

by:oBdA
ID: 41894647
Question answered.
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits y…
What to do when Windows Update is not working correctly? What tools can I use to detect the cause of the malfunction problem? What does this numeric error code mean? These and other questions that you have been asking in the past are answered here (…
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question