Wednesday, December 12, 2007

How to use Subinacl.exe to assign permissions to manage services

Have you ever had a request or need to assign non-admin users permissions to start, stop or query service status on your servers? I certainly have and what I found was that it was quite difficult to find clear information on how to complete this task. In the article I shall try to explain this clearly.

This post has moved - http://iunite.com.au/wp/blog/index.php/2011/09/how-to-use-subinacl-exe-to-assign-permissions-to-manage-services/

3 comments:

Kristy said...

Hi! Thanks for your post on SubInACL. I'm trying to figure out how to use this as, I have a laptop harddisk which I have connected to my computer - unfortunately, I cannot access the "Andrew" folder in "Documents and Settings" folder - it keeps saying Access Denied.

How do I use SubInACL to change the ownership of the Andrew folder to belong to "KC" user on my machine "Kristy" i.e. kristy\kc (KC has Administrator privileges)

Thanks,
Kristy

Kristy said...

I forgot to mention that the current owner of "Andrew" is builtin\administrators

I found this out by:

subinacl /file "F:\Documents and Settings\Andrew" /display

Kristy said...

Hi (again)! Good news :) By God's Grace, I've found the commands that work for me.

First, I got the values from an existing directory that I could open:

subinacl /file "C:\test" /display

Then I applied the same owner / group + full permissions to the directory:

subinacl /subdirectories "F:\Documents and Settings\Andrew\*" /grant=kristy\kc=F

subinacl /subdirectories "F:\Documents and Settings\Andrew\*" /setprimarygroup=kristy\none


subinacl /subdirectories "F:\Documents and Settings\Andrew\*" /owner=kristy\kc


Just posting this in case someone else might benefit from it :0)

Kristy