Wednesday, December 12, 2007

How to use Subinacl.exe to assign permissions to manage services

Have you ever had a request or need to assign non-admin users permissions to start, stop or query service status on your servers? I certainly have and what I found was that it was quite difficult to find clear information on how to complete this task. In the article I shall try to explain this clearly.

This post has moved -


kmmc said...

Hi! Thanks for your post on SubInACL. I'm trying to figure out how to use this as, I have a laptop harddisk which I have connected to my computer - unfortunately, I cannot access the "Andrew" folder in "Documents and Settings" folder - it keeps saying Access Denied.

How do I use SubInACL to change the ownership of the Andrew folder to belong to "KC" user on my machine "Kristy" i.e. kristy\kc (KC has Administrator privileges)


kmmc said...

I forgot to mention that the current owner of "Andrew" is builtin\administrators

I found this out by:

subinacl /file "F:\Documents and Settings\Andrew" /display

kmmc said...

Hi (again)! Good news :) By God's Grace, I've found the commands that work for me.

First, I got the values from an existing directory that I could open:

subinacl /file "C:\test" /display

Then I applied the same owner / group + full permissions to the directory:

subinacl /subdirectories "F:\Documents and Settings\Andrew\*" /grant=kristy\kc=F

subinacl /subdirectories "F:\Documents and Settings\Andrew\*" /setprimarygroup=kristy\none

subinacl /subdirectories "F:\Documents and Settings\Andrew\*" /owner=kristy\kc

Just posting this in case someone else might benefit from it :0)