Last week, we had a problem to giving permission to certain services for the local non-admin user. And 99% of the IT team won't give local admin permission due to the security issues.
What do to now?
I found a solution after google -ing a lot.
Microsoft has a simple tool called "subInACL.exe" which allows you to set the permission at the service level.
- Download subinacl.exe from Microsoft, http://www.microsoft.com/en-us/download/details.aspx?id=23510
- Login as Administrator
- Install the tool
- Open the tool in the command mode.
- Navigate to C:\Program Files (x86)\Windows Resource Kits\Tools\
Syntax
subinacl /SERVICE \\MachineName\ServiceName /GRANT=domainname.com\username=F
Example:
subinacl /SERVICE \\MySystem\spooler /GRANT=myDC.com\muralidharan=F
The following permission level can be applied.
F : Full Control
R : Generic Read
W : Generic Write
X : Generic eXecute
L : Read controL
Q : Query Service Configuration
S : Query Service Status
E : Enumerate Dependent Services
C : Service Change Configuration
T : Start Service
O : Stop Service
P : Pause/Continue Service
I : Interrogate Service
U : Service User-Defined Control Commands
For more details about, the permission level, refer the below link.
No comments:
Post a Comment