locked
Start and stop a service with Schedule Task in Windows server 2008 R2 with a domain user account RRS feed

  • General discussion

  • We have put in a lot of effort to find a easy way to start and stop a service as a task.

    The way we took was as flow:

    The example will we start and stop the spooler service, with leased privileges a plain domain user account.

    1                           Create user account

    Create domain user account as service account ex. linklab.nu\sa.PrintSpool

    2                           Sett Local Security

    1. Log on to the print server (gbg-printsrv01.corp.linklab.nu) a Windows Server 2008 R2
    2. Open the “Local Security Policy” MMC snap-in from “Administrative Tools”
    3. Go to Security Settings → User Rights Assignment double click on Log on as a batch job
    4. Add the linklab.nu\sa.PrintSpool account, press OK and close the mmc

    3                           Change the Execution Policy Change:

    1. Go to Start Menu → All Programs → Accessories →Windows PowerShell, right click Windows PowerShell and start as an Administrator
    2.  Type Set-ExecutionPolicy RemoteSigned in the Power Shell console, press enter
      typ Y and press enter. Close the command window

    4                           Create four scripts

    1. Ex. Create the catalog c:\scrips for the scripts
    2. Sett the security settings to Full Control for sa.PrintSpool on the catalog c:\scrips
    3. It will be one bat script for stop and one for start, these scripts starts corresponding powershell scripts.

    Bat Script

                 Filname:            stop_Spooler_service.cmd

                 Script:                powershell.exe C:\Scripts\stop.ps1

    Powershell Script

                 Filname:            stop.ps1

                 Script:                Stop-Service Spooler

    Create also a corresponding sett of files to start the spooler services

    5                           Create tow Schedule Tasks

    1. Create two tasks one for start and one for stop

    Action:                            Start a program                           C:\Scripts\start_Spooler_service.bat

    Run whether user is logged on or not                                  check

    Run with highest privileges                                                 check

    Set a Trigger                                                                      feel free

    To run the task use domain account                                     sa.PrintSpool

    1. Create one task for stop as well

    4                           Create a security template

    1. Open Run type mmc press ok, add the MMC snap-in Security Configuration and Analysis and Security Templates
    2. Expand Security Templates right click C:\Users\Administrator(example)\Documents\Security\Templates select New Template…..
    3. Type Template name : TempSpooler, OK
    4. Expend TempSpooler mark System Services, fined Print Spooler in the right panel and double click  a new dialog will open
    5. In the Print Spooler Properties dialog
      1. Check Define this policy settings in the template
      2. Select the start up mode to automatic
      3. Press The Edit security.. button
    6. Add the sa.PrintSpool account with following permissions
      1. Start, stop and pause
      2. Read
    7. Press OK twice
    8. Press save the template
    9. Right click the Security Configuration and Analysis scope item in the console tree
    10. Select Open Database type SpoolerDB open
    11. Import the TempSpooler template, press open
    12. Right click the Security Configuration and Analysis scope item again
    13. Select Configure Computer Now
    14. Press ok to the default log file patch
    1. Right      click the Security Configuration and Analysis scope again
    2. Select      Analyze Computer Now

    17.  Press ok to the default log file patch

    1. Check      so the configuration took for the Print Spooler service it shell have a      green mark
    2. Close      the mmc without saving

    It shall now be ready to test the Schedule tasks, you have created

    PS: Thank you Niklas V, for the solution


    Martin Skorvald Elevation AB

    Friday, March 1, 2013 9:38 PM

All replies

  • Thank you for sharing this information. Hope this will help some other people in this forum.

     

     

    Regards,

    Zhang     

    TechNet Subscriber Support

    If you are TechNet Subscriptionuser and have any feedback, please send your feedback here.

    Monday, March 4, 2013 8:20 AM
  • Martin, would you consider trying a tool that let's you delegate admin rights to normal domain users using a GUI instead? With System Frontier, you could easily give regular domain users rights to start/stop services as well as scheduled tasks and almost any other remote action via script delegation. I'd love to get some feedback from you on it.
    Tuesday, March 5, 2013 12:37 PM