0

We have some machines running Windows 7 Professional at our office. The typical user needs to have access to stop and start a service for a local program they run. These machines have a local web server and database installed and we need to restrict access to certain folders and services related to the web server and database for these users.

The setup I have tried so far is to add the typical user as a Power User. I have been able to successfully restrict them from accessing certain folders (as far as I can tell) but now they do not have access to the service needed for starting and stopping the local program. My thought was to give them access to the specific service but I have not had any luck yet. In searching the web for solutions the only results I have found relate to Windows Server 2000 and 2003 and involve creating security templates and databases through the Microsoft Management Console. I am hesitant to try an approach like this as these articles are typically older and I worry this method is outdated.

Is there a better way to accomplish the end goal of giving the user permission to run the service and restrict their access to certain folders? If any clarification is needed on the setup or what we are trying to achieve, please let me know.

Thanks in advance.

Chad Cook
  • 103
  • 1
  • Are these computers members of a domain? Do you have domain admin privileges? – longneck Jun 25 '13 at 15:29
  • These computers will not be part of a domain. The users are local accounts and the computers will not have network connectivity at times. – Chad Cook Jun 25 '13 at 15:42
  • The instructions in the duplicate question I proposed may be for Windows 2003, but the steps are still the same for Windows 7. – longneck Jun 25 '13 at 15:47
  • Don't be hesitant; try it in your dev environment and see if it works. For you, a dev environment is probably just a single PC, so it's likely not hard to set one up if you don't have one. – Falcon Momot Jun 25 '13 at 18:48

1 Answers1

0

You can use the SubinACL utility from Microsoft at http://www.microsoft.com/en-us/download/details.aspx?id=23510 to set ACL's on services.

mjk
  • 126
  • 1
  • Welcome to Server Fault! Generally we like answers on the site to be able to stand on their own - Links are great, but if that link ever breaks the answer should have enough information to still be helpful. Please consider editing your answer to include more detail. See the [FAQ](http://www.serverfault.com/faq) for more info. – slm Jun 25 '13 at 16:01
  • SubInACL ended up being the simplest solution. – Chad Cook Jun 25 '13 at 21:22