Tuesday, April 25, 2017
Set Windows Service Permission to Non-Administrator Accounts
Service related operations such as start/stop/restart windows services are usually assigned to Administrators. Sometimes, you might need to delegate these tasks to non-admin users. In this article, I will show the 4 methods to set the service's permission to any user account/service account. I will use SQL service (MSSQLSERVER) in domain environment.
Assign SQL service start,stop permission to Non-Administrator Account and SDDL explained
For full syntax of SDDL(Security Descriptor Definition Language) and ACEs (Access Control Lists), you can refer this TechNet article.
Here
we will assign the start/stop permission of MSSQLSERVER to ‘MyUser’ domain
user. Assume that computer has been SQL 2012 installed in domain environment. We can easily assign the necessary permission the by Powershell Access Control Module and will check which permissions are changed.
Friday, April 7, 2017
Change the Defult Boot OS and Time-Out for Dual Boot Windows
Recently I installed windows 8.1 along with existing windows 10 on my free partition. After reboot, the dual boot option gives me 30 second time-out with the default to windows 8.1 as seen in Fig-1. As I worked with Win-10 most of the time, I need my computer boot directly into windows 10 with less time-out. Since Windows Vista and later, windows shipped with bcdedit.exe which gives enhanced user option to edit the BCD Store (Boot Configuration Data, formerly called boot loader) before calling the windows kernel.
Tuesday, April 4, 2017
Active Directory Recycle Bin: Restore Deleted Objects or Wipe Off your Bin ?
Active Directory Recycle Bin is available from Server 2008R2 but it is disabled by default and it is one of the most useful feature for system admins in that he can restore any directory objects (user/computer or system accounts) that he mistakenly deleted.
You need Active Directory Administrative Center Console and forest functional level 2008R2 as a minimum to use this.
For the restore process, you can use GUI or powershell. For permanent deletion, powershell is the way to go.
You need Active Directory Administrative Center Console and forest functional level 2008R2 as a minimum to use this.
For the restore process, you can use GUI or powershell. For permanent deletion, powershell is the way to go.
Subscribe to:
Posts (Atom)