Re: Error: 5 Access Denied - HELP
- From: "Pegasus \(MVP\)" <I.can@xxxxxxx>
- Date: Fri, 14 Oct 2005 12:36:40 +1000
Here is a warning I need to add: The batch file "service.bat"
must be inaccessible to members of the applications group.
If it was accessible then a savvy user could use it as a trojan
horse, placing his own instructions into it.
It would be best to place the semaphore file Start/StopService.flag
into some generally accessible area where the applications group
can modify it without having elevated privileges.
"Bill Green" <BillGreen@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A58967EA-752A-4C48-AC1B-9BB0447EA218@xxxxxxxxxxxxxxxx
> I appreciate the reply. I will give this a shot and let you know.
>
> Bill
>
> "Pegasus (MVP)" wrote:
>
> >
> > "Bill Green" <BillGreen@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > news:303FC984-C7C2-4243-B0CA-2E242ADCAC8B@xxxxxxxxxxxxxxxx
> > > Hi,
> > >
> > > I see this discussed alot when I googled it, but I can't find a
solution.
> > >
> > > I have three servers that have services that need to be stopped and
> > started
> > > in a certain order from time to time. I would like to have a specific
> > > account be able to restart the services. I have tried to use a local
> > account
> > > and a domain account, and then using a .bat file with pstools
psservice in
> > it
> > > I try to restart the services from one server and have it stop the
> > services
> > > on the other servers. I'm doing this so that our applications group
can
> > stop
> > > and start the services when they update the web application.
> > >
> > > However, when the .bat file we get Error: 5 Access Denied.
> > >
> > > We have even tried compiling an executable with the admin password in
it
> > and
> > > we still get the error. Is there a solution to this error (without
making
> > > members of the applications group a systems administrator?)
> > >
> > > Thanks,
> > >
> > > Bill
> >
> > I suspect that you could start the services under the System
> > account. Since at.exe schedules tasks that run under the
> > System account, you could use it for your purposes. It could
> > work like so:
> >
> > 1. Run the following command on each server:
> > for /L %h in (0,1,23) do for /L %m in (0,5,55) do at %h:%m
> > /every:m,t,w,th,f,s,su c:\tools\service.bat
> > (this is one single long line!)
> > This will schedule 288 jobs, running once every five minutes.
> >
> > 2. Create the file c:\tools\service.bat on each server:
> > @echo off
> > if exist c:\tools\StartService.flag net start "Your Service Name" & del
> > StartService.flag
> > if exist c:\tools\StopService.flag net stop "Your Service Name" & del
> > StopService.flag
> >
> > 3. Create a batch file & shortcut to be used by the Applications
> > Group. Its purpose is to create the appropriate semaphore
> > file c:\tools\Start/StopService.flag on each server.
> >
> > And here is what will happen:
> > - The Apps Group clicks the "Stop" shortcut.
> > - This creates the "StopService" semaphore file.
> > - Once every five minutes, a scheduled task running on
> > each server monitors the semaphore file.
> > - If the semaphore file exists then the service will be
> > stopped and the semaphore file will be deleted.
> >
> >
> >
.
- References:
- Re: Error: 5 Access Denied - HELP
- From: Bill Green
- Re: Error: 5 Access Denied - HELP
- Prev by Date: Quota Tab missing on ONE Drive!!
- Next by Date: Re: Quota Tab missing on ONE Drive!!
- Previous by thread: Re: Error: 5 Access Denied - HELP
- Next by thread: Windows Server 2003 Telephony & Fax
- Index(es):
Relevant Pages
|
