|
Posted by Steven L Umbach on April 12, 2006, 11:58 am
Please log in for more thread options The user can be a regular user. They also would need to be able to start any
services that the service in question "depends on". You may also want to
check out setacl which is free. Subinacl can give me a headache trying to
get it to work right. --- Steve
http://setacl.sourceforge.net/html/examples.html --- see example 23.
>> Yes it is possible and the KB article can show a couple ways to do such.
>> However if the users in question are local administrators they could
>> grant themselves access to any service if they knew how to and had the
>> desire to do so. --- Steve
>>
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;288129
>
> Thanks Steven. It seems like subinacl.exe would be the best solution, but
> I'm still a little confused.
>
> If I create a standard "user", can that user be granted control privileges
> over a service, or does that user have to be a "power user", in which case
> I would have to deny them access to every service except this one?
>
> This is a situation where I am the admin of a standalone 2003 server, and
> I want to grant a particular user the ability to log on through RD, and
> they then need to be able to start/stop a specific service they're
> concerned with. I just want to strictly limit what they can do when
> they're logged in.
>
>
>
>>
>>> Hi All: Is it possible to create a security policy where a user has the
>>> right to start/stop a specific service, without giving them unfettered
>>> access to all the services?
>>>
>>> --
>>>
>>>
>>>
>>
>>
>
>
| 
XML Sitemap