Re: Giving users permission to an MMC

From: Ishmealm (Ishmealm_at_discussions.microsoft.com)
Date: 06/23/05 

Date: Thu, 23 Jun 2005 07:18:02 -0700

This is how I allow developers to restart individual services on our servers.
 I have them do manage on their local pc's and then connect to the server.
They only have rights to what you run the command against, even though they
can see all the servers and stuff:

http://support.microsoft.com/default.aspx?scid=kb;en-us;288129

The command looks like this:
SUBINACL /SERVICE \\Server-01\messenger /GRANT=sw\user=to

"Grant" wrote:

> Hi Giuseppe ,
>
> Security on the msc file:
> domain\administrators - full control
> System - Fuill control
> Users(Domain\users) - Modify/read/write/execute
>
> I dont know what you mean by checking the ACL list. Where do I check this?
>
>
>
>
> "Giuseppe Nacci" <giuseppe.nacci@degennaro.biz> wrote in message
> news:uW9jDk$dFHA.3616@TK2MSFTNGP09.phx.gbl...
> > Check the ACL in a tab security list and report here what you see.
> > Report here also the ACL in a tab security of .msc file
> >
> > --
> > ---
> > Giuseppe Nacci
> > Microsoft Certified System Engineer
> > Security Manager
> >
> > --------------------------------------------------------------------
> > CONFIDENTIALITY NOTICE
> > This message and its attachments are addressed solely to the persons
> > above and may contain confidential information. If you have received
> > the message in error, be informed that any use of the content hereof
> > is prohibited. Please return it immediately to the sender and delete
> > the message. Should you have any questions, please contact us by
> > replying to supporto.informatico@degennaro.biz
> > Thank you
> > --------------------------------------------------------------------
> >
> >
> > "Grant" <gpsnett@hotmail.com> ha scritto nel messaggio
> > news:eEjeNM$dFHA.3328@TK2MSFTNGP09.phx.gbl...
> >> user can open this file but they cannot see any services and they get an
> >> error message saying "Error 5: Access denied"
> >>
> >> How would I enable them to see and restart a service?
> >>
> >> thanks,
> >> Grant
> >>
> >> "Giuseppe Nacci" <giuseppe.nacci@degennaro.biz> wrote in message
> >> news:evU$MY%23dFHA.2180@TK2MSFTNGP12.phx.gbl...
> >>> Are you talking about .msc file?
> >>> Right click on .msc file, security and sharing, tab security, add user
> >>> account how you prefer.
> >>> Bye.
> >>>
> >>> Sorry for my english, I'm working on it ;-)
> >>>
> >>> --
> >>> ---
> >>> Giuseppe Nacci
> >>> Microsoft Certified System Engineer
> >>> Security Manager
> >>>
> >>> --------------------------------------------------------------------
> >>> CONFIDENTIALITY NOTICE
> >>> This message and its attachments are addressed solely to the persons
> >>> above and may contain confidential information. If you have received
> >>> the message in error, be informed that any use of the content hereof
> >>> is prohibited. Please return it immediately to the sender and delete
> >>> the message. Should you have any questions, please contact us by
> >>> replying to supporto.informatico@degennaro.biz
> >>> Thank you
> >>> --------------------------------------------------------------------
> >>>
> >>>
> >>> "Grant" <gpsnett@hotmail.com> ha scritto nel messaggio
> >>> news:%23eyqfq9dFHA.3352@TK2MSFTNGP09.phx.gbl...
> >>>>I have created an MMC which contains the services from one of our domain
> >>>>controllers (Win2k3 server).
> >>>>
> >>>> I have place the MMC on a share on the network and I would like to
> >>>> enable certain users to have permission to open up this MMC and restart
> >>>> particular services. How would I achieve this?
> >>>>
> >>>> Thanks,
> >>>> Grant
> >>>>
> >>>
> >>>
> >>
> >>
> >
> >
>
>
>

Relevant Pages

  • Re: Need urgent help regarding security
    ... There is plenty of security info out there ... email from even a dozen servers is small. ... an OS version upgrade should not be taken lightly. ... Given that your root password was apparently found on the servers, ...
    (freebsd-questions)
  • [Full-Disclosure] w32.frethem.k@mm and good reading
    ... Script kiddies deface websites. ... only obfuscating your own perception of security. ... >> vulnerabilities in a particular operating system or server software ... >> Imagine a custom operating system used by only a few servers, ...
    (Full-Disclosure)
  • [Full-Disclosure] w32.frethem.k@mm and good reading
    ... Script kiddies deface websites. ... only obfuscating your own perception of security. ... >> vulnerabilities in a particular operating system or server software ... >> Imagine a custom operating system used by only a few servers, ...
    (Full-Disclosure)
  • RE: IIS6 Security and other web servers
    ... IIS6 Security and other web servers ... I know of no Windows architecture that is exposed directly to ... I know of a number of LAMP-type servers that are ... exposed directly to the Internet with no intervening layers. ...
    (Security-Basics)
  • TSLSA-2005-0059 - multi
    ... Affected versions: Trustix Secure Linux 2.2 ... PHP is an HTML-embedded scripting language. ... use of Rest with FTP servers and Range with HTTP servers to retrieve files ... - New Upstream and Multiple Vendor Security Fixes ...
    (Bugtraq)