Hello,
I've changed permissions on a server to allow our helpdesk to restart the spooler service. I can see on the server that the permissions have taken effect by using RSoP.
The problem is that when a user tries to connect to the server by using computer management, as soon as they click on services they get "Access Denied". What additional steps will I need to perform to enable users to connect to the services part of computer
management?
the connection to the computer works when using computer management but its only the services part which is an issue.

There is an amazing pack of free network admin tools. click here to download it

Hiya,
Are they logging on to the server or running script against the server?
for example:
sc \\<server name> stop Spooler
sc \\<server name> start Spooler
What O/S version is the server?

Need to support users over the internet? click here try our remote control online beta

Does it have to be via the GUI, because if you could script it you could give the helpdesk an icon that allows them to restart the spooler service. There are a number of options available that could do the job:

PSExec to run a net stop, net startwmic to invoke stopservice and startserviceVBscript or PowerShell to stop and start via WMIPowerShell remoting to restart serviceJaap Brasser

http://www.jaapbrasser.com


There is an amazing pack of free network admin tools. click here to download it

Ideally we want it to be done via the gui as that is the way that they know now to work.

we may also want to delegate other service management at a later date so the GUI would enable the less techie to work easy.

Need to support users over the internet? click here try our remote control online beta

Hi,
Thank you for the post.
If non admin users want to restart service from remote MMC, you need grant users rights follow steps below:
Grant user right to access service manager remotely
1.Obtain the current security descriptor settings of Service control manager:
Run command sc sdshow scmanager on the computer which you want to manage remotely, we will get following
D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)
2.Get SID of the user which you want to grant permission.
Log on the user, run command whoami /all then we can get the SID of the user. For example, the SID of my test user is S-1-5-21-75742885-1028626651-2117483494-1107.
To domain user/groups, open ADUC--view menu--selected Advanced Features, find objectSid from domain user/groups Attribute Editor tab.
3.Generate the SD, add (A;;LCRPRC;;;{SID}) before S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD), then we can get:
D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)(A;;LCRPRC;;; S-1-5-21-75742885-1028626651-2117483494-1107)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)
4.Run command sc sdset scmanager D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)(A;;LCRPRC;;; S-1-5-21-75742885-1028626651-2117483494-1107)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)
Then we can access service manager remotely.

RegardsRick Tan
TechNet Community Support

Need to support users over the internet? click here try our remote control online beta