Service start right

  • Thread starter Thread starter Dom
  • Start date Start date
D

Dom

On a windows 2000 pro box I want to assign the ability to
start and stop a service (if not possible then all
services) to a regular user without them being
administrator. How can this be done, the box is
standalone and not part of a domain.

TIA

Dom
 
You can use ntrights or subinacl. Subinacl is described in the KB below and can be
downloaded from Microsoft. For instance to give Joe on the local machine permissions
to start and stop the server service use [ subinacl /service lanmanserver
/grant=joe=to ]. The user will also have to be able to start/stop services that
depend on the service you want to stop, for instance to stop the server service the
user would also have to have the right to stop the browser service. You also have to
use the service name - not the display name [server = lanmanserver]. See links below
for more details. You can use the Security Configuration and Analysis mmc snapin tool
to run an analysis against the setupsecurity.inf template and you should see that the
permissions are granted by selecting "view security" for the services you configured
which should be flagged as not matching default setting. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;288129
http://www.ss64.com/ntsyntax/services.html
http://www.microsoft.com/downloads/...56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en
http://www.lokbox.net/SecureXP/secAnalysis.asp
 
Thanks very much, all fixed.
-----Original Message-----
You can use ntrights or subinacl. Subinacl is described in the KB below and can be
downloaded from Microsoft. For instance to give Joe on the local machine permissions
to start and stop the server service use [ subinacl /service lanmanserver
/grant=joe=to ]. The user will also have to be able to start/stop services that
depend on the service you want to stop, for instance to stop the server service the
user would also have to have the right to stop the
Click to expand...
browser service. You also have to
use the service name - not the display name [server = lanmanserver]. See links below
for more details. You can use the Security Configuration and Analysis mmc snapin tool
to run an analysis against the setupsecurity.inf
Click to expand...
template and you should see that the
 
Back
Top