Give a specific user the right to restart a specific service

I often had the situation that a user has to restart a service he needs, and since I don’t want to do that all the time, I found a pretty good solution to give him exactly those rights 😉

Enable the rights on the server site

First, we need a Little tool, download the SubInAcl from MS.

After installation, start Powershell and change to the installed directory, then run the following Powershell command to give the AD user full access to the service

.subinacl.exe /Service \SERVERNAMESERVICENAME/GRANT=DOMAINUSER=F

Script to restart the service remote

Since the user now has the right to start and stop the service, we can give him a small script to make his life easier.

#Definitions
$ServerName = "SERVERNAME"
$ServiceName = "SERVICENAME"
#Get Status of The Service
$statusSAP = Get-Service -Name $ServiceName -ComputerName $ServerName
#If Service is running Restart it if not Start it
if($statusSAP.Status -eq "Running") {
    Get-Service -Name $ServiceName -ComputerName $ServerName | Stop-Service -Force
    Start-Sleep -s 3
    Get-Service -Name $ServiceName -ComputerName $ServerName | Start-Service
    Write-Host $ServiceName "Service was Restartet"
}else {
   Get-Service -Name $ServiceName -ComputerName $ServerName | Start-Service
   Write-Host $ServiceName "Service was Startet"
}

Future use

In the future it might be interesting to connect the script to Telegram so that the user can restart the service via his phone 😉 If you want to know more, here is a script that shows you how to send commands from the Telegram: Send-Commands-With-Telegram

Leave a Reply

Powered by WordPress.com.

Up ↑

%d bloggers like this: