Re: Permissions or Policy

• Previous message: Ryan Hanisco: "Re: privilege timeout"
• In reply to: WilliamBeau: "Re: Permissions or Policy"
• Next in thread: Roger Abell: "Re: Permissions or Policy"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 29 Dec 2004 17:18:13 -0600

<WilliamBeau> wrote in message news:uoSqPZd7EHA.3944@TK2MSFTNGP12.phx.gbl...
> Herb, this appears to be true only for system services - those basically
> included in the OS/ machine build and do not offer services that are
> installed as a result of software intallation or services created that are
> non-OS related.

I didn't know that -- I wonder if this is the 'fault' of the
programmers (like not using the Event Log but creating
their own seperate feature for the same purpose) or if
it is the 'fault' of the published APIs?

Maybe it is as simple as the programmer creating a
system object to control access but of course that doesn't
help you....

> Do you know if I can change the list of services available in the group
> policy in order to accomodate these types of services?

What would the user be "accessing" for these services?

Log files? Use NTFS...

Registry settings? Use permissions (similar to NTFS)

What else?

-- 
Herb Martin
> Thanks!
>
> "Herb Martin" <news@LearnQuick.com> wrote in message
> news:%233xt7cT7EHA.1404@TK2MSFTNGP11.phx.gbl...
> > <WilliamBeau> wrote in message
> news:uwkWJgR7EHA.2180@TK2MSFTNGP12.phx.gbl...
> > > Can anyone suggest a way to allow certain users to start and stop
> > particular
> > > services on a server?
> >
> > Such can be done through delegation on the service
> > properties.
> >
> > No matter how you do it this will be a permission but
> > you may distribute it to may machine by using a policy.
> >
> > On each service there are properties -- on the secure
> > tab there are permissions available to be delegated.
> >
> > > I have a group of developers who I wish not to grant administrative
> access
> > > to, but require the ability to bounce their applications which are
> service
> > > based.  I've looked in the local security policy but do not see
anything
> > > that stands out as being able to do this.
> >
> > Look in the Services control panel or in a GPO->
> > Windows->Security->Services
> >
> > -- 
> > Herb Martin
> >
> >
> > >
> > > Thanks
> > >
> > >
> >
> >
>
>

• Previous message: Ryan Hanisco: "Re: privilege timeout"
• In reply to: WilliamBeau: "Re: Permissions or Policy"
• Next in thread: Roger Abell: "Re: Permissions or Policy"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Audit Account Logon Events, Client IP address incorrect? ... Sorry for the delay Herb - I lost the post! ... "Herb Martin" wrote in message ... What sort of messages do we need to capture in Snort? ... Now I at least have an explanation for the "powers that be">> when they look at the logs. ... (microsoft.public.win2000.active_directory) Re: Use of VNC over VPN ... and also thanks to Herb for the inputs. ... the problem by checking the VPN server settings to ensure that the VPN ... |"Ian Sullivan" wrote in message ... |Herb Martin ... (microsoft.public.windows.server.migration) Re: Special character in Domain name ... "Bill Williams" wrote in message ... groups -- since I have NEVER used a long, or special character name I have ... Herb Martin> ... (microsoft.public.windows.server.migration) Re: slow log in ... you up for even a minute, but if switching them ... Herb Martin ... > "Herb Martin" wrote in message ... >> %0 should give the script name that is running. ... (microsoft.public.win2000.networking) Re: DNS Recursive Query Test Fails ... > can this be safely ignored or should i alter some settings to get this ... If you need that recursion OR need ... Herb Martin> ... (microsoft.public.windows.server.dns)