setting up "rights" for Services in Windows

Moderator: Moderators

Post Reply
User avatar
Iane_Blaidd
Member
Posts: 1788
https://www.behance.net/kuchnie-warszawa
Joined: Tue Oct 28, 2008 8:04 pm
Location: Plano, Texas

setting up "rights" for Services in Windows

Post by Iane_Blaidd »

Hope this makes sense....

As many know you can go to Administrative tools and chose services. In there you can start and stop various programs you have set up on your PC.

What I want to be able to is set up a "user" or "rights" so anyone can connect to stop then start one application. What we are really trying to do is set something up for a client to be able to turn on and off Pervasive which is a program we use for ODBC connections and other such things. We want to set this up on their server so anyone in the company can "log in" and stop then start the application. I am lost and this is beyond my knowledge.

All of our clients run Windows XP so that is the program we need to be able to do it in. I thought I was on the right track when I chose the program and right clicked selected properties and then the Log On tab.

I have no issues connection to another PC on my network and stopping any application but we cannot trust the users at the clients with access to ALL the programs we need to narrow it down to 1 to 3 on the list.

If anyone could point me in the right direction I would really appreciate it; I think I read somewhere that XP might not be able to do this and after 5 hours of trying (why I logged from raid tonight) I think that might be right…
Iane Blaidd
105 Druid of Tunare
“Why do I even dare to think I could dream I could imagine I could hope?”
― Dylan Moran

Image
Top
User avatar
Chakkorisi
Member
Posts: 1193
Joined: Fri Nov 04, 2005 3:08 am

Post by Chakkorisi »

Iane-

It has been ALONG time since I've worked out something like this. I am going to say this . . . I would not advise granting users rights to anyone on a server class machine. If you are doing this as a consultant deal and you are working with your clients server, I would be VERY careful about doing this. You start opening up security even a little bit and you can seriously wreak someone's day and maybe your own credibility.

Now that the disclaimer has been stated. There are any number of ways you can configure the security; all the ones that come to mind all are server-side configurations. As I said . . . dangerous stuff.

You can start here: http://technet.microsoft.com/en-us/libr ... 10%29.aspx

Or here: http://support.microsoft.com/?kbid=288129

If you have any questions . . . post them here and I will see what I can do.

Chakk
Image

"Oh, hell, anything you can uncork, uncap or unscrew, I'll drink it!"
Top
User avatar
Alsmack
Officer
Posts: 4267
Joined: Sat Sep 20, 2008 8:18 pm
Location: Chicago, IL

Post by Alsmack »

Iane

You can use the command line and scripts to do what you're asking, even on Windows XP, but I would be very careful about your security.

The commands are:

Code: Select all

net stop <service>
net start <service>
So for example

Code: Select all

net stop "Print Spooler"
net start "Print Spooler"
The problem is these commands still have to be run by someone authorized to mess with services, meaning they need to have local administrative rights on the machine the services is running on.

That's where the dangerous part comes in, as Chakkorisi mentioned. Personally, I've seen some folks run some type of applet the users can connect to, and the applet controls the users ability to start/stop services, but the applet itself has the privledges.

I don't know of any off the top of my head, but I'm sure it would be fairly trivial for an experienced coder to write such an applet with a quick web front end or some such.

Just an idea. Chakkorisi's link to provide user rights for services is another method, and probably more simple, which means less inventing wheels. I'm just not sure it works with Windows XP, certainly not XP Home, Pro maybe.
Image
Alsmack | Rezlar | Dpses | Lynis | Medissin | Arbutus
Top
User avatar
Iane_Blaidd
Member
Posts: 1788
Joined: Tue Oct 28, 2008 8:04 pm
Location: Plano, Texas

Post by Iane_Blaidd »

thank you guys for the info; i am going to pass it along to someone that knows a bit more about this thein i do; this is not my area...

i totally agree this is a BAD idea but the client wants it. i did sugguest they pass ther request to their own IT dept and let them deal with it.

if i have any questions i wil let you guys know
Iane Blaidd
105 Druid of Tunare
“Why do I even dare to think I could dream I could imagine I could hope?”
― Dylan Moran

Image
Top
User avatar
Salnayil
Member
Posts: 1902
Joined: Wed Dec 15, 2004 3:53 pm
Location: Colo Spgs, CO

Post by Salnayil »

i did sugguest they pass ther request to their own IT dept and let them deal with it.
If you are doing this for a company they should have never asked you in the first place. Local admin rights needs to be handled by that company full out.

Isn't this the company that caused you issues with web meetings not being secure enough? Now they are asking you to elevate user rights on a service on their network???

Other way to fix this without elevating user rights. Tell them to reboot and it will restart the service, lol. :P
Image
Top
User avatar
Iane_Blaidd
Member
Posts: 1788
Joined: Tue Oct 28, 2008 8:04 pm
Location: Plano, Texas

Post by Iane_Blaidd »

Salnayil wrote: Isn't this the company that caused you issues with web meetings not being secure enough? Now they are asking you to elevate user rights on a service on their network???
yes that would be them; they are not real bright; about the only client i have right now that i cannot stand!
Iane Blaidd
105 Druid of Tunare
“Why do I even dare to think I could dream I could imagine I could hope?”
― Dylan Moran

Image
Top
Post Reply

Return to “Technical Support”