Re: Trying to configure group policies on a stand alone server.
- From: ttysnoop@xxxxxxxxx
- Date: 13 May 2007 23:09:22 -0700
On May 14, 1:35 am, "Ace Fekay [MVP]" <PleaseAs...@xxxxxxxxxxxxxx>
wrote:
Innews:1179110686.249789.86930@xxxxxxxxxxxxxxxxxxxxxxxxxxxx,
ttysn...@xxxxxxxxx <ttysn...@xxxxxxxxx> typed:
According tohttp://support.microsoft.com/?kbid=256299, "When you add
a user through Group Policy Editor in the System Service Security
Policy, the default permissions are start, stop, and pause.", the
problem I'm having is caused by, "This behavior occurs because you
need the following permissions to open the properties of a service,
and to stop, start, or pause a service: Read, Stop, Start, and Pause."
So If I'm understanding it right I need to give the user or the user's
group the read service permission for it to be able to start/stop a
service. The KB article only tells of one way to do this through
'Active Directory Users and Computers.'
So what I'm looking for is how to give a user or a group the read
service permission without using 'Active Directory Users and
Computers'.
It's probably easier to just add them to the local Power Users group.
Or
As the article mentions in a GPO. But for a stand alone, you can still go
thru the steps to create the settings in the local GP on a stand alone. The
settings are the same. In articlehttp://support.microsoft.com/kb/256345/EN-US/, follow steps 7 and onward.
7. Click Computer Configuration, click Windows Settings, click
Security Settings, and then click System Services.
8. Double-click the service on which you want to apply permissions.
The security policy setting for that specific service is displayed.
9. Click to select the Define this Policy Setting check box. This
action automatically creates security permissions with Everyone having Full
Control.
10. Click Remove to remove the Everyone group.
11. Click Add to add the System account and any other user accounts to
which you want to grant access.
12. Set the permission for the System account at Full Control, as well
as the appropriate permissions for user accounts or groups. By default, only
the start, stop, and pause permissions are granted to all new users.
13. After you finish adding the appropriate users and groups with the
appropriate permissions to the service, click OK.
14. The service startup mode is set to disabled by default. Change
this setting to the correct startup mode (usually automatic).
15. Click OK, close the policy, and then click OK.
Ace
Thanks for the help. I tried starting the service with the user in the
power user group and got the same system error 5, access denied. Then
tried your other way only to find the 'System Services' branch missing
from my 'Security Settings' branch. It has; 'Account Policies', 'Local
Policies', 'Public Key Policies', 'Software Restrictions', and 'IP
Security Policies'. Is there any other way to change it that you know
of?
Also, I just double checked and the server is actually running Windows
Server 2003 SP2. It must have been upgraded the last go around and I
forgot or simply wasn't told. Too many servers to keep track of. I
doubt it matters that much but the more info the better.
Thanks.
.
- Follow-Ups:
- Re: Trying to configure group policies on a stand alone server.
- From: Ace Fekay [MVP]
- Re: Trying to configure group policies on a stand alone server.
- References:
- Trying to configure group policies on a stand alone server.
- From: ttysnoop
- Re: Trying to configure group policies on a stand alone server.
- From: Ace Fekay [MVP]
- Re: Trying to configure group policies on a stand alone server.
- From: ttysnoop
- Re: Trying to configure group policies on a stand alone server.
- From: Ace Fekay [MVP]
- Trying to configure group policies on a stand alone server.
- Prev by Date: Re: Trying to configure group policies on a stand alone server.
- Next by Date: Re: Trying to configure group policies on a stand alone server.
- Previous by thread: Re: Trying to configure group policies on a stand alone server.
- Next by thread: Re: Trying to configure group policies on a stand alone server.
- Index(es):
Relevant Pages
|
