How to give rights to one user for the restart of a service

windows-server-2008 permissions service user-permissions
13,022

Solution 1

You can use the sc command to set permissions on a specific service.

The format is a little difficult to understand, but first you will need to find the user or group's SID to use the command (something like "S-1-5-21-....").

sc myserver sdset spooler D:(A;;RPWP;;;place-sid-here)

A couple notes on that command:

  • RP Allows service start
  • WP Allows service stop

Replace myserver with your server's name and spooler with the service you want to edit.

More information is available at the following locations:

http://technet.microsoft.com/en-us/library/cc742037(WS.10).aspx

http://msmvps.com/blogs/erikr/archive/2007/09/26/set-permissions-on-a-specific-service-windows.aspx

Solution 2

Waiting for my VMs to spin up, but it looks like this should work (from reading this)

  • Open group policy to Computer Configuration\Policies\Windows Settings\Security Settings\System Services
  • Edit the service in question, enable "define policy setting" and then "edit security"
  • Add the user and give them "read" and "start, stop, and pause" rights

I'll swing by after I've tried this out, but good question! I had no idea this had been added.

This might also work: Remotely restarting a service for a non-administrator user

Share:
13,022

Related videos on Youtube

Cédric Boivin
Author by

Cédric Boivin

Updated on September 17, 2022

Comments

  • Cédric Boivin
    Cédric Boivin almost 2 years

    It's there a way i can give the rights to a specific user, for restart a specific service on windows server 2008 ?

  • Cédric Boivin
    Cédric Boivin almost 14 years
    When i go Configuration\Policies\Windows Settings\Security Settings there is no System Services :-(
  • Doug Luxem
    Doug Luxem almost 14 years
    Hmm...maybe an R2/Win7 feature of Group Policy? Unfortunately, I don't have a way to test downlevel but mine matches @Kara.
  • Kara Marfia
    Kara Marfia almost 14 years
    That's very odd! You're on the domain controller, and it's 2008 server?
  • Cédric Boivin
    Cédric Boivin almost 14 years
    No i am not on the domain controller, i am on the server directly, because it's a custom service, install only on this machine.
  • Will
    Will almost 14 years
    Additionally you need to prefix the entires with D: as per my answer here. In your example, this would be: sc myserver sdset spooler D:(A;;RPWP;;;place-sid-here)
  • Alexander Gonchiy
    Alexander Gonchiy over 6 years
    Doesn't work on Win2008 R2 - there is no "System Services" item.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Granting service control manager access permission to user outside of administrator group
PHP mkdir Permission Denied running on Windows Server 2008 IIS 7 due to Read Only Attribute?
Files don't inherit parent folder's permission after saving
Full permissions on folder when remoted in, but read only through the network
Who has accessed/opened a file on the network and when?
What local group should user belong to be able to run windows task as that user
In Windows 8.1, how to force prompt for credentials when accessing a shared folder?
How to grant remote desktop right to a user in Windows Server 2008?
Not able to stop Windows service
Win Server Security: Why do members of a group not get access when the Group has permission?