User starting & stopping services

[DCA]

I want to be able to allow users to start/stop certain services. In this
case CISCO VPN. I was able to get the policy to work the first time but
after a complete shutdown and startup, niether the user nor the
administrator cannot start the service. A simple logoff does not affect the
policy. This is on a laptop so there is no domain controller involved. TIA

 

[Marin Marinov]

<snip>
Did you try using security templates and the Security Configuration and
Analysis snap-in?

--
Cheers,
Marin Marinov
MCT, MCSE 2003/2000/NT4.0,
MCSE:Security 2003/2000, MCP+I
-
This posting is provided "AS IS" with no warranties, and confers no
rights.

"True knowledge exists in knowing that you know nothing."
Socrates

 

[Steven L Umbach]

You may also want to try subinacl to assign user permissions to services as described
in the KB below. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;288129

SUBINACL /SERVICE \ServiceName /GRANT=UserName[=Access]
I want to be able to allow users
to start/stop certain services. In this

 

[DCA]

Yes, it would work the first time I implemented but not after a warm or
cold re-start. It seemed to corrupt the CISCO service where even as
administrator, I couldn't start it. I'd have to unisntall and re-install
the VPN client.

What we're trying to achieve is to give the regular user the ability to
start/stop the service so that when they're outisde the office environment
on the laptop, they'll be able to start the service and use VPN from
anywhere.

 

[Big Daddy]

Yes, I did. It created all kinds of problems. It would work the very first
time I ran it but afterward a warm or cold start, it literally got messed up
so bad, I had to uninstall & re-install the software again.

Obviously I missed something along the way even I printed the microsoft
instructions and had them next to me while I was doing this.

 

[Ralph]

I read the article and it appears that the user would still need
administravie rights to run the program.

You may also want to try subinacl to assign user permissions to services as described
in the KB below. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;288129

SUBINACL /SERVICE \ServiceName /GRANT=UserName[=Access]
I want to be able to allow users
to start/stop certain services. In this

case CISCO VPN. I was able to get the policy to work the first time but
after a complete shutdown and startup, niether the user nor the
administrator cannot start the service. A simple logoff does not affect the
policy. This is on a laptop so there is no domain controller involved. TIA

 

[Steven L Umbach]

Yes, subinacl requires administrator access, but once the permissions are granted
they stay that way unless they are changed back. It does not have to be run every
single time. Any process to give users rights to services will require administrator
rights. It could also be run as a startup script that runs in system context. ---
Steve

I read the article and it appears that the user would still need
administravie rights to run the program.

"Steven L Umbach" <[email protected]> wrote in message

You may also want to try subinacl to assign user permissions to services as described
in the KB below. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;288129

SUBINACL /SERVICE \ServiceName /GRANT=UserName[=Access]
I want to be able to allow users
to start/stop certain services. In this

case CISCO VPN. I was able to get the policy to work the first time but
after a complete shutdown and startup, niether the user nor the
administrator cannot start the service. A simple logoff does not affect the
policy. This is on a laptop so there is no domain controller involved. TIA