7.13. Granting the Permission to Manage One or More Services

Problem

You want to grant a user the right to manage (stop and start) a particular service.

Solution

Using a graphical user interface

  1. Open the Group Policy Object Editor.

  2. Edit the Group Policy object that applies to the computer running the service you want to set security on.

  3. In the right pane, expand Computer Configuration Windows Settings Security Settings System Services.

  4. In the left pane, double-click the service you want to configure.

  5. Check the box beside Define this policy setting.

  6. Select the service startup type.

  7. Click the Edit Security button.

  8. Use the ACL Editor to choose the target security principal and select the permission to apply.

  9. Click OK to close the ACL Editor.

  10. Click OK to close the setting properties page.

Using a command-line interface:

The following command grants full control of a service for a user:

> subinacl /service \\<ServerName>\<ServiceName> /grant=<User>

The following example grants full control of the Messenger service on server fs01 to the AMER\rallen user:

> subinacl /service \\fs01\Messenger /grant=AMER\rallen

Use this command to view the users who have been granted access to manage a particular service:

> subinacl /verbose=1 /service \\<ServerName>\<ServiceName>

Here is an example:

> subinacl /verbose=1 /service \\fs-rtp01\Messenger

To revoke access to a service, use this command:

> subinacl /service \\<ServerName>\<ServiceName> /revoke=<UserName>

This next command grants the AMER\rallen user control ...

Get Windows Server Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.