Need some special privileges for NON-Admin user

Need some special privileges for NON-Admin user

Post by Marc » Tue, 31 Jul 2007 18:02:38


Hello everybody.
I hope that I'm on the right place.....I've a little question: I need
to grant to an user on a client, that is part of Backup Operators, to
have full access to the services on a Windows XP computers. Precisely,
this user have to verify if a service exist and eventually create this
service on the client computer.

On the event viewer of the client, I activate the audit for the object
access and I received this error on the event viewer:

************************************************************************************************************
Object Open:
Object Server: SC Manager
Object Type: SC_MANAGER OBJECT
Object Name: ServicesActive
Handle ID: -
Operation ID: {0,1276636}
Process ID: 508
Image File Name: C:\WINNT\system32\services.exe
Primary User Name: computer$
Primary Domain: ADDOMAIN
Primary Logon ID: (0x0,0x3E7)
Client User Name: BackupAdmin
Client Domain: ADDOMAIN
Client Logon ID: (0x0,0x12A1D1)
Accesses: DELETE
READ_CONTROL
WRITE_DAC
Connect to service controller
Create a new service
Enumerate services
Lock service database for exclusive access
Query service database lock state
Set last-known-good state of service database

Privileges: SeTakeOwnershipPrivilege
Restricted Sid Count: 0

************************************************************************************************************

Have you some idea on how to solve this problem?

Thank you very much in advance.

Marco Sciarrone
 
 
 

1. No privileges to access HID Filter Driver in Windows XP Non-Admin User Account?

2. Users Overlook XP's Non-Admin Security; Least Privilege

By Ryan Naraine

Microsoft is sparing no expense to spread the Least-privileged User
Account security gospel ahead of next year's Longhorn launch, but a
little-known fact-especially among IT administrators and end users-is
that the technology is already available in the Windows operating
system.

The LUA principle, also known as non-admin or minimum rights, is
accepted within software security circles as a key to reducing damage
from malicious hacker attacks, but on Windows systems, although the
option is available, experts say end-user adoption remains
"frighteningly low."

http://www.yqcomputer.com/ ,1759,1830637,00.asp

Least Privilege' Can Be the Best
By David Coursey

Opinion: Forcing administrator privileges to be set as the default
for all accounts leaves users exposed to malware.

Want fewer security hassles? Demote yourself!

Want to do something right now that can help protect you from malware?
Then stop being an administrator. No, I am not suggesting a career
change, though I suppose that would have much the same effect.
Rather, I hope you'll consider using your desktop's administrator
account only when absolutely necessary and creating a user account for
general computing.

Why am I making this suggestion? Because too many people do all their
computing as administrators -- even those whose user name is something
besides "Administrator."

http://www.yqcomputer.com/ ,1759,1772361,00.asp

3. All Users Installation Issues for Admin and Non-Admin users

4. revoking Privilege from One Admin User On Table Owned by Another Admin User

5. IIS Admin by a non-admin user

6. privileged operation by non-privileged user using ASP

7. Any way that non-Admin group users can add like-kind users?

8. Ending user processes as a non-admin user

9. Running a process requiring super user privilege from non super user

10. give non admin user dl admin

11. Start IIS Admin service as a non admin user

12. How do non-admin users create a query in a secured database?

13. NotifyAddrChange for non-admin user account

14. Install .NET Runtime as non-admin user