Need Help with net start and Windows 7 UAC


  1. z666zz666z
    Posts : 3
    Multiply Linux & Multiply Windows
       New #1

    Need Help with net start and Windows 7 UAC


    Thanks for all info and tutorial.

    I have one big problem:
    • UAC must be ON since a normal user can use the PC but i do not want such normal user can run anything thet requieres admin (except net start ServiceName)
    • ServiceName is just one service, not any service on the PC, justo only one specific service... same for net stop ServiceName
    • I have a Batch Script i need to run without elevating permissions
    • Inside it i need to run certain commands, like net start, thet need elevating permissions
    • The script must be able to be run by a normal user, but without user interaction


    In other words, i a batch file having something like:
    Code:
    @ECHO OFF
REM Bla bla bla, some sentences i do not want to be run with admin privileges
net start ServiceName
REM Bla bla bla, some sentences i do not want to be run with admin privileges
REM etc etc
    I need that script to be run without user interaction (for example when Remote Controling the PC or by remote running from another PC)
    I also need that script can be run by a normal user

    I have the problem just on the net start sentence (the only one that needs to be run as admin, elevated permissions, etc).

    If a UAC message brings up, remote control gets frozen and i must go where the PC is physical to be able to still remote control it, so the solution requiers no UAC message bring up.

    If i turn off UAC, then the "normal" user can run whatever wants as admin (with some hack tools run from pendrive, i had tested by my own and it is simple incredible what you can do on Windows with a "normal" account when UAC is off... i can also delete the full Windows folder and cause a BSOD with just UAC off and a normal account... so UAC must be on, not off

    Obviously i do not want to give de admin password to the user... again the same problem... i do not want the user to be able to run anything (except net start ServiceName and net stop ServiceName) that requieres admin.

    Any help?

    Thanks in advance.
    Last edited by z666zz666z; 29 May 2012 at 05:50. Reason: Forgetting give thanks in advance
      My Computer
    Quote Quote

  3. logicearth
    Posts : 5,642
    Windows 10 Pro (x64)
       New #2

    Task Scheduler
      My Computer
    Quote Quote

  4. z666zz666z
    Posts : 3
    Multiply Linux & Multiply Windows
    Thread Starter
       New #3

    Task manager is not a solution!!!

    The script must be run by a normal user when he/she wants!!!

    Imagine a personal Oracle Server services:
    -User need to start and stop them
    -I also need to be able to do it remotly

    Imagine the database must not allways be stated.

    Same for any other service... but i need to let that normal user to start/stop just one service, not all!!!

    Task scheduler is not an option, sorry!!!
      My Computer
    Quote Quote

  6. FliGi7
    Posts : 1,814
    XP / Win7 x64 Pro
       New #4

    If I understand this correctly, you need the user to be able to execute a program with User (standard) privileges that performs both User-level and Admin-level privileged operations?

    If so, you'll have to use the "runas" command in the script to run the certain operations with admin privileges which will require a password authentication. This will need to be provided in the command line (of which the user will be able to see if they open or edit the script) or at run time, which you say you are trying to avoid.

    I don't believe there is any other way around this. You either have to invoke the script with admin privileges (which will require password authentication when run from a standard user account) or you have to include the admin password in the script for running those particular admin-privilege commands.

    Task Scheduler was provided as an option in that it can run commands with admin/system level privileges while a standard user account is logged in, thus not requiring admin authentication at runtime. However, it can't be done on a ad-hoc basis by the standard user.
      My Computer
    Quote Quote

  7. z666zz666z
    Posts : 3
    Multiply Linux & Multiply Windows
    Thread Starter
       New #5

    You understand it perfectly, that is the problem i am having.

    The user must be able to run a script (such normal user can edit such script).

    And i do not want the normal user to be able to run anything (except what i want) that need admin privileges.

    I had read (but not understand) there is a way to configure services privileges... etc... in other words something about configuring thet one service can be started/stoped by one normal account without password, etc...

    What i had undestand is thet is similar to giving file permissions, etc... but on services.

    Well since i do not understand such thing... and it may be just the perfect solution to this specific problem... i wish to know more...

    I have read a command line that may do something like that, it is:
    Code:
    setacl.exe -on spooler -ot srv -actn ace -ace “n:domainuser1;p:start_stop”
    I do not understad it perfectly... but it seems to grant such user to start and stop a service called spooler (if i did not understand it badly.

    Can someone explain such command and how it works!

    I mean: it must be run on admin account or a user with admin privileges... or in the user account? and what is for each argument.

    i will try to find more info on such setacl.es (i never use such command and it looks like it is for configuring privileges from command line, something that would make me more easy to do some tasks i do with GUI).

    I known this is only for services (and file and folder privileges i supose), but not for running any exe... since actually i only need to let user start and stop such service it may be just what i need now... or not?

    Thanks in advance!!!

    P.D.: I will investigate more about such "setacl.exe"... is it present on all Windows? also on Home versions?
      My Computer
    Quote Quote

 

  Related Discussions
Hi, Can someone please help me? I'm a first-time forum user :o I've got an Acer Aspire laptop here that has decided to stop loading/starting up. When I turn the power button on: - I can see the Acer logo screen (and also get into setup if I press F2) - The cursor (_) blinks once or twice...
BASIC INFO I have Windows Ultimate (x64). I use the Asus Suite II supplied with my Asus Asus P8Z68-V Pro Gen3 Motherboard (which I like for fan and temperature monitoring) PROBLEM Ai Suite II always loads BUT "on screen" it is messy during loading because a seemingly AI Suite bar sized...
I have been trying to pinpoint this problem for a little shy of a week now. I have a custom built desktop which was running windows 7 Ultimate when it started to have troubles shutting down and booting up. It would fail to shut down and the windows start up would either get stuck for awhile(on the...
Hello everybody. The graphic card tool EVGA Precision has an option - Start with Windows - but the tool can only be started with admin rights. I prefer to not use an admin account for my daily work, how can i setup Precision to autostart for my user account ? I already tried to use a regedit...
Hi, I am hoping people on the forum can help me. Got a Dell XPS M1550 last year January. Everything was fine until today. It's a North American machine, but I was in England for an exchange and currently am, and I think Dell warranty on Hardware is 1 year anyway so really no point after 3...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 21:01.
Find Us