windowswideopen.com

 

1. Download and install on the target computer the Windows resource kit utility Subinacl.
2.  Determine the target service name by opening the registry (Start -> Run -> Regedit) and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<ServiceName> (If the service name contains spaces, the whole parameter should be enclosed in quotation marks.)
3. Open the CMD prompt and navigate to the folder in which the Subinacl tool is installed (Default: c:\Windows\Program Files\Windows Resource Kit\tools\)

Run the command SUBINACL /SERVICE \\MachineName\ServiceName /GRANT=[DomainName\]UserName[=Access] where ·  The user executing this command must have administrator rights in order for it to complete successfully.

·  If “MachineName” is omitted, the local machine is assumed.

·  If “DomainName” is omitted, the local machine is searched for the account.

·  Although the syntax example indicates a user name, this will work for user groups as well.

·  The values that ‘Access’ can take are:

   F : Full Control

   R : Generic Read

   W : Generic Write

   X : Generic eXecute

   L : Read controL

   Q : Query Service Configuration

   S : Query Service Status

   E : Enumerate Dependent Services

   C : Service Change Configuration

   T : Start Service

   O : Stop Service

   P : Pause/Continue Service

   I : Interrogate Service 

   U : Service User-Defined Control Commands

4. ·  If ‘Access’ is omitted then ‘F (Full Control)’ is assumed.

 

To automate the permission changes use the script below:

 

   strDomain   = Wscript.Arguments.Item(0)’domain where computer account is held

   strComputer = Wscript.Arguments.Item(1)’computer netbios name

   strSecPrinc = Wscript.Arguments.Item(2)’user’s login name as in: DomainNameUserName

   strAccess   = Wscript.Arguments.Item(3)’access granted, as per the list in the KB

   ‘bind to the specified computer

   set objTarget = GetObject(”WinNT://” & strDomain & “/” & strComputer & “,computer”)

   ‘create a shell object.  Needed to call subinacl later

   set objCMD = CreateObject(”Wscript.Shell”)

   ‘retrieve a list of services

   objTarget.filter = Array(”Service”)

   For each Service in objTarget

   ‘call subinacl to se the permissions

   command = “subinacl /service ” & Service.name & ” /grant=” & strSecPrinc & “=” & strAccess

   objCMD.Run command, 0

   ‘report the services that have been changed

   Wscript.Echo “User rights changed for ” & Service.name & ” service”

   next

The script should be saved as a .vbs file, such as “Services.vbs,” and called like this:

   CSCRIPT Services.vbs DomainName ComputerName UserName Access

 

grant permissions Operating System services vbscript Windows 2000 Windows 2003 Windows services Windows XPgrant permissions Operating System services vbscript Windows 2000 Windows 2003 Windows services Windows XP

Filed under: Operating System, vbscript, Windows XP, Windows 2000, Windows 2003, services