Re: restricting user to control of one service?

The user can be a regular user. They also would need to be able to start any
services that the service in question "depends on". You may also want to
check out setacl which is free. Subinacl can give me a headache trying to
get it to work right. --- Steve

http://setacl.sourceforge.net/html/examples.html --- see example 23.

"msft-sql" <aklist@xxxxxxxxxxxxx> wrote in message
news:%23hOxpckXGHA.3560@xxxxxxxxxxxxxxxxxxxxxxx
"Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:Oe0XZlbXGHA.4988@xxxxxxxxxxxxxxxxxxxxxxx
Yes it is possible and the KB article can show a couple ways to do such.
However if the users in question are local administrators they could
grant themselves access to any service if they knew how to and had the
desire to do so. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;288129

Thanks Steven. It seems like subinacl.exe would be the best solution, but
I'm still a little confused.

If I create a standard "user", can that user be granted control privileges
over a service, or does that user have to be a "power user", in which case
I would have to deny them access to every service except this one?

This is a situation where I am the admin of a standalone 2003 server, and
I want to grant a particular user the ability to log on through RD, and
they then need to be able to start/stop a specific service they're
concerned with. I just want to strictly limit what they can do when
they're logged in.




"msft-sql" <aklist@xxxxxxxxxxxxx> wrote in message
news:O5koVNbXGHA.4652@xxxxxxxxxxxxxxxxxxxxxxx
Hi All: Is it possible to create a security policy where a user has the
right to start/stop a specific service, without giving them unfettered
access to all the services?

--









.

Relevant Pages

  • Re: restricting user to control of one service?
    ... However if the users in question are local administrators they could grant ... themselves access to any service if they knew how to and had the desire to ... If I create a standard "user", can that user be granted control privileges ... then need to be able to start/stop a specific service they're concerned ...
    (microsoft.public.windows.server.security)
  • Re: helmets
    ... To encourage and ensure the use of safe equestrian helmets, ... nonprofit organizations seeking a grant under this section shall submit ... the interim standard specified in subsection, ... consumer product safety standard promulgated under the Consumer Product ...
    (rec.equestrian)
  • RE: Automating Import process...
    ... Create a new standard module.... ... On Error GoTo R5561115Import_Err ... 'Open the OpenFile Dialog box to get the .csv filename ... "Steve Sanford" wrote: ...
    (microsoft.public.access.modulesdaovba)
  • Re: Confirmation Email
    ... Steve ... > If your host supports e-mail auto responders you can do the following: ... > e-mails with a standard 'Thank you' reply (or whatever it is you want to ... > 3 Set up the FrontPage Form Properties to send to the new e-mail address ...
    (microsoft.public.frontpage.programming)
  • Re: OT: WTF is a "Super Delegate"
    ... LOL. ... Tim notes he does not know if any states use the word "grant" in their ... Constitution (in relation to voting rights) nor does he know if they ... It is not like your cowardly running is a new game for you, Steve... ...
    (comp.sys.mac.advocacy)
Quantcast