none
How to perform the following without local admin permissions?

    Question

  • Hello,

    I need to grant the following permissions and abilities to a group to do the following:

    • Ability to read all Event Logs
    • Ability to stop/start SCOM Health Service
    • WMI access
    • Ablity to query status of all services
    • Ability to enable remote PowerShell commands

    The version of Windows Server that I need to be able to do with with are, Windows Server 2008 R2, Windows Server 2008 Std Edition and Windows Server 2003.  Are there local groups that I can use to do this?

    Any guidance/advice in accomplishing this would be greatly appreciated.

    Thanks in advance.

    Monday, June 17, 2013 1:01 PM

Answers

All replies

  • You are probably looking for User Rights Assignment. Check this out: http://technet.microsoft.com/en-us/library/dd349804%28v=ws.10%29.aspx

    .


    “The very concept of sin comes from the Bible. Christianity offers to solve a problem of its own making! Would you be thankful to a person who cut you with a knife in order to sell you a bandage?” ― Dan Barker, Losing Faith in Faith: From Preacher to Atheist

    Monday, June 17, 2013 5:12 PM
  • Thanks Hapkido-naja, but that is not what I was exactly looking for.

    John Houser

    Monday, June 17, 2013 5:29 PM
  • Hi JHouser, I'm not aware of any ready for use group for the things you want. Is my understanding correct you want a ready for use group(s)?

    .


    “The very concept of sin comes from the Bible. Christianity offers to solve a problem of its own making! Would you be thankful to a person who cut you with a knife in order to sell you a bandage?” ― Dan Barker, Losing Faith in Faith: From Preacher to Atheist

    Monday, June 17, 2013 6:00 PM
  • Not really looking for a ready to use group.  It would be nice, but definitely not a requirement.  We are moving to a new forest and we need a way to give other groups the access they need to do their job, but not for them to have local admin access.

    Thanks


    John Houser

    Monday, June 17, 2013 10:23 PM
  • Ability to read all Event Logs 

    --> You can add users in built-in Event Log Readers local group

    Giving Non Administrators permission to read Event Logs Windows 2003 and Windows 2008

    Ability to stop/start SCOM Health Service

    --> Using AD to allow a user to start/stop a service

    WMI access

    --> Configuring a regular (non-admin) user account for WMI monitoring

    Ablity to query status of all services

    --> Please elaborate on " query status of all services " part.

    Alternatively, please refer query status of all services

    Ability to enable remote PowerShell commands

    --> I doubt normal user can do that. But please ask this question in powershell forum to be sure.


    Regards, Santosh

    I do not represent the organisation I work for, all the opinions expressed here, are my own.

    This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Blog | Wiki

    Tuesday, June 18, 2013 5:24 AM
  • Hello,

     I am seeking advice on how I can accomplish the following tasks without giving certain groups local admin rights on the servers.

    • Ability to query the status of all the Windows Services
    • WMI access
    • Ability to read all Event Logs
    • Ability to query status of all services
    • Enabling remote PowerShell commands

     The servers I need to give this type of access to are mainly Windows Server 2008 R2, Windows Server 2008 Std Edition and Windows Server 2003.

     Any advice and guidance would be greatly appreciated.

     Thanks in advance.


    John Houser

    Wednesday, June 19, 2013 1:53 PM
  • Hello,

     I am seeking advice on how I can accomplish the following tasks without giving certain groups local admin rights on the servers.

    • Ability to query the status of all the Windows Services
    • WMI access
    • Ability to read all Event Logs
    • Ability to query status of all services
    • Enabling remote PowerShell commands

     The servers I need to give this type of access to are mainly Windows Server 2008 R2, Windows Server 2008 Std Edition and Windows Server 2003.

     

    Hi,

    Please find below comments which can help you to achieve the task.

    Please let us know if this helps you.

    HTH


    Thanks & Regards,
    Amit Katkar (MCITP Windows 2008)
    ------------------------------------------------------------
    This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

    Wednesday, June 19, 2013 2:51 PM