Skip navigation

JSI Tip 2928. How do I configure Group Policies to set permissions on a service?

If you wish to control who can manage a Windows 2000 service:

01. Start / Programs / Administrative Tools / Active Directory Users and Computers.

02. Right-click the domain and press New / Organization Unit.

03. Name the OU and press OK.

04. Right-click the new OU and press Properties.

05. Select the Group Policy tab.

06. Press New and name the Group Policy, possibly with the name of the OU.

07. Select the new Group Policy and press Edit.

08. Press Computer Configuration / Windows Settings / Security Settings / System Services.

09. Double-click the service you want to apply permissions upon.

10. Check the Define this Policy Setting box. This will grant the Everyone group Full Control.

11. Press Remove to remove the Everyone group.

12. Press Add and add the System Account, service account (if different) and any other account you want to grant access.

13. Grant Full Control to the System Account and Service account, and Read, Start, Stop, and Pause permissions for users and groups.

14. Press OK when you are finished adding and granting.

15. Change the service startup mode to Automatic.

16. Press OK, close the polcy, and press OK.

17. Move the computer accounts into the OU, which will allow the users and groups you added to manage the service.

NOTE: If you improperly set permissions, correct it using the above procedure and the use Regedt32 to navigate to:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\<ServiceId>\Security and delete the Security key. Restart the computer.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.