Windows: Cleanup Permissions from deleted Active Directory Objects

Hi,

in domain environments it sometimes happens that user or groups would be deleted but is still authorized on many object, i.e. filesystems, shares etc..

More »

Windows: Set permissions on a service

Hi,

when it is necessary that normal user needs the ability to do some operations on a service, such as starting or stopping, multiple ways exists to grant these permissions. Windows has no GUI or (easy to use) command line tool on board to set these access rights. I will show you 3 ways to set them.

  • Sysinternals Process Explorer
  • sc.exe (Service controller)
  • subinacl.exe (The security swiss knife)

For the following examples I will use the OpenVPN Service with its Service Name openvpnservice and assign the start and stop permissions to a user or group. But its the same procedure for all other services.

The easiest way is to use the sysinternals Process Explorer. It provides a graphical user interface but  has the dependency that the service must be in the running state before process explorer is started. If you already have a valid openvpn configuration start the service:

sc start openvpnservice

Then start the process explorer as administrator and locate the openvpn service process openvpnserv.exe.

Openvpn Process

Openvpn Process


More »

Powershell: Check for Administrator rights

Hi,

for a lot of powershell scripts Administrator permissions are necessary. In powershell, you can check if you are elevated by the following script code.
Insert the snippet at the top of your script. It checks the credentials and exits the script if the administrator permissions are missing.
More »

Original Theme by Schiy · Powered by WordPress