P
PM
I have written a VB program to monitor the status of a particular service
(an application service, not an OS one) on a DC.
This runs fine on my workstation if I log in as a Domain Admin, however a
standard user can't run the program successfully.
Running "netsvc servicename \\server /query" on the workstation or the DC
gives "Error code 5 Access denied".
Using Group Policy I have given the standard user Log on Locally rights on
the DC, also have given rights to query the service. I can run "sc
servicename /query" OK, but not netsvc. This gives Access Denied even if I
run it from the DC.
It looks like an authentication/login problem to me.
The Security log shows the following under Event ID 560, category Object
Access, type Failure:
Object Open:
Object Server: SC Manager
Object Type: SC_MANAGER OBJECT
Object Name: ServicesActive
New Handle ID: -
Operation ID: {0,388723950}
Process ID: 276
Primary User Name: OURDC$
Primary Domain: OURDOMAIN
Primary Logon ID: (0x0,0x3E1)
Client User Name: StandardUser
Client Domain: OURDOMAIN
Client Logon ID: (0x0,0x17211111)
Accesses DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
Connect to service controller
Create a new service
Enumerate services
Lock service database for exclusive access
Query service database lock state
Set last-known-good state of service database
Privileges -
Any comments/help appreciated
Thanks
Pete
(an application service, not an OS one) on a DC.
This runs fine on my workstation if I log in as a Domain Admin, however a
standard user can't run the program successfully.
Running "netsvc servicename \\server /query" on the workstation or the DC
gives "Error code 5 Access denied".
Using Group Policy I have given the standard user Log on Locally rights on
the DC, also have given rights to query the service. I can run "sc
servicename /query" OK, but not netsvc. This gives Access Denied even if I
run it from the DC.
It looks like an authentication/login problem to me.
The Security log shows the following under Event ID 560, category Object
Access, type Failure:
Object Open:
Object Server: SC Manager
Object Type: SC_MANAGER OBJECT
Object Name: ServicesActive
New Handle ID: -
Operation ID: {0,388723950}
Process ID: 276
Primary User Name: OURDC$
Primary Domain: OURDOMAIN
Primary Logon ID: (0x0,0x3E1)
Client User Name: StandardUser
Client Domain: OURDOMAIN
Client Logon ID: (0x0,0x17211111)
Accesses DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
Connect to service controller
Create a new service
Enumerate services
Lock service database for exclusive access
Query service database lock state
Set last-known-good state of service database
Privileges -
Any comments/help appreciated
Thanks
Pete