I often had the situation that a user has to restart a service he needs, and since I don’t want to do that all the time, I found a pretty good solution to give him exactly those rights π
Enable the rights on the server site
First, we need a Little tool, download the SubInAcl from MS.
After installation, start Powershell and change to the installed directory, then run the following Powershell command to give the AD user full access to the service
.subinacl.exe /Service \SERVERNAMESERVICENAME/GRANT=DOMAINUSER=F
Script to restart the service remote
Since the user now has the right to start and stop the service, we can give him a small script to make his life easier.
#Definitions $ServerName = "SERVERNAME" $ServiceName = "SERVICENAME" #Get Status of The Service $statusSAP = Get-Service -Name $ServiceName -ComputerName $ServerName #If Service is running Restart it if not Start it if($statusSAP.Status -eq "Running") { Get-Service -Name $ServiceName -ComputerName $ServerName | Stop-Service -Force Start-Sleep -s 3 Get-Service -Name $ServiceName -ComputerName $ServerName | Start-Service Write-Host $ServiceName "Service was Restartet" }else { Get-Service -Name $ServiceName -ComputerName $ServerName | Start-Service Write-Host $ServiceName "Service was Startet" }
Future use
In the future it might be interesting to connect the script to Telegram so that the user can restart the service via his phone π If you want to know more, here is a script that shows you how to send commands from the Telegram: Send-Commands-With-Telegram
Leave a Reply