
Thread: Permissions for single remote service restart

  1. #1
    RichardW Guest

    Permissions for single remote service restart

    Is there any way I can give permissions to a single user to be able to
    remote restart a service? Or all services if a single one isn't possible. I
    don't really want to make the user a local admin, since he only needs to
    restart that one service.

  2. #2
    neo [mvp outlook] Guest
    Is it safe to assume that the server operating system in question is Windows
    2003 with SP1/2?

    And to answer the question, yes it is for the Windows 2003 operating system.
    It would require granting additional rights on SCMANAGER plus the service in
    question. http://support.microsoft.com/kb/905809/en-us kinda gives you an
    idea when it comes to Windows 2003/Exchange 2003 but can be adapted for any
    service in question.

    /neo

    PS - Step 5/Method 1 is the area to clue in on.

  3. #3
    Join Date
    Aug 2010
    Posts
    2

    Re: Permissions for single remote service restart

    I'm sorry to revive an old thread, but I cannot get this to work with the given recipe. I want to give a domain user or a domain group access to remote start/stop a service, without having elevated rights on the server.
    The recipe here wants you to use PSGETSID to get the SID of the user/group in question, and then use SC SDSET SCMANAGER to edit the permission of SCMANAGER service and then again on the service in question.

    But SC SDSET takes an SDDL string, not an SID.

    Maybe someone can help me make this work, or provide a better solution?

  4. #4
    Join Date
    May 2008
    Posts
    4,085

    Re: Permissions for single remote service restart

    Hi jambazz,

    What happens if you first establish a network session with the remote server (using net use \\... /user:....) and after that, try to stop/start a service remotely using the services applet? Note that you should delete the network session before you try again using LogonUser/Impersonate, else you will use the established session to access the remote resource instead of the access token obtained (or not) by LogonUser.

  5. #5
    Join Date
    Aug 2010
    Posts
    2

    Re: Permissions for single remote service restart

    Hi Solomon, then I can start the service remotely successfully. But this requires the use of a password, which I prefer to avoid :o)

  6. #6
    Join Date
    Oct 2011
    Posts
    1

    Re: Permissions for single remote service restart

    there's really 2 steps. this article covers the first.
    http://support.microsoft.com/kb/907460
    really what needs to be done here is this:
    ---------------------------------------------
    To resolve this issue, use version 5.2.3790.1830 of the Sc.exe tool. This tool is located in the %windir%\System32 folder. To do this, follow these steps:
    1. Click Start, click Run, type cmd, and then click OK.
    2. Type the following command at the command prompt, and then press ENTER:
    sc sdset SCMANAGER D:(A;;CCLCRPRC;;;AU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)
    ---------------------------------------------
    this sets the scmanager to allow access for non administrators. even though the article says W2k3 you need to do this for 2008 as well.

    next step is granting access to the service itself using subinacl.exe (in the resource kit I think)

    subinacl.exe /verbose /service "service name you want to grant" /grant="domain\groupname"=LQSTOP


    the subinacl really makes it much easier than using the sc.exe commands and using the SDDL strings & SIDs.
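
The point raised in post #3 (sc sdset takes a whole SDDL string, not a SID) and the LQSTOP grant in post #6, worked through as an added example that is not part of the original thread: the SID goes into a new allow ACE, and that ACE is placed at the end of the D: part of the string printed by sc sdshow, before any S: part. The function names, the sample descriptor and the SID are constructed for illustration; CCLCRPWPDTRC is the SDDL spelling of subinacl's LQSTOP.

```python
import re

# SDDL codes on a service object: RC read control, CC query config, LC query
# status, RP start, WP stop, DT pause/continue (together = subinacl LQSTOP).
DEFAULT_RIGHTS = "CCLCRPWPDTRC"
# Anything else (DC change config, WD write DAC, WO write owner, ...) is refused:
# those let the holder reconfigure the service or rewrite its ACL.
ALLOWED = {"CC", "LC", "SW", "RP", "WP", "DT", "LO", "RC"}
SID_RE = re.compile(r"^S-1-\d+(-\d+)+$")


def split_rights(rights):
    """Split an SDDL rights string such as 'LCRPWP' into two-letter codes."""
    if not rights or len(rights) % 2:
        raise ValueError("rights must be a non-empty run of two-letter codes")
    return [rights[i:i + 2] for i in range(0, len(rights), 2)]


def add_service_ace(sddl, sid, rights=DEFAULT_RIGHTS):
    """Return sddl with an allow ACE for sid appended to the DACL (before S:)."""
    if not SID_RE.match(sid):
        raise ValueError("not a SID: %r" % sid)
    bad = [c for c in split_rights(rights) if c not in ALLOWED]
    if bad:
        raise ValueError("refusing to delegate: %s" % ",".join(bad))
    if not sddl.startswith("D:"):
        raise ValueError("expected 'sc sdshow' output starting with D:")
    # The SACL, if present, begins at 'S:' directly after the last DACL ACE.
    cut = sddl.find(")S:")
    dacl, sacl = (sddl[:cut + 1], sddl[cut + 1:]) if cut != -1 else (sddl, "")
    ace = "(A;;%s;;;%s)" % (rights, sid)
    if ace in dacl:
        return sddl  # already granted: leave the descriptor untouched
    return dacl + ace + sacl


# Constructed sample: a typical 'sc sdshow <service>' result and a made-up SID.
SAMPLE_SDDL = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
               "(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
SAMPLE_SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"

if __name__ == "__main__":
    print("sc sdset <service> " + add_service_ace(SAMPLE_SDDL, SAMPLE_SID))
```

Keep the original sc sdshow output so the descriptor can be restored with sc sdset if the new one is wrong.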
