How To – Allow non-admins to start and stop system services

Jump down to Step 1 to skip the blurb

Any Microsoft Windows operating system has services. These are little programs that run in the background of the OS to keep things ticking over. They’re really fundamental to servers as it means that programs can run in the background without any user being logged. In fact Windows servers are fine-tuned to give better performance to background services rather than any app running on the screen.

It’s always the best principle to log on with the least amount of privileges on any PC, i.e. you shouldn’t log on to a desktop or server with full admin rights. You should log on as a normal user and only elevate the  programmes authority to admin level if absolutely necessary.

Some System Administrators may want an easy life and just let everything “run as admin” as it cuts back on a lot of problems, especially when using old software. Obviously this greatly widens the security attack vector, as any user who can gain access to the machine can do anything they want on it.

However, one of the issues of running as a standard user is that you are not allowed to stop or start Windows services. That is by design, you wouldn’t really want a non-admin to stop a critical service. The problem is when you have a Service Account running (as good practice dictates) as a lowly user. To get around this you can give the Service Account permission to do whatever you want to a particular service you want. Unfortunately, this is a bit more convoluted than setting file permissions. This article will explain how to achieve this. It applies to all versions of Windows from Windows 2000 or newer. My screenshots are from the Windows 8 Developer Preview.

Continue reading How To – Allow non-admins to start and stop system services

WAMP, or installing Apache, MySQL & PHP on Windows Server 2003

Occasionally I get asked to do things that I don’t like to do. One of them is setting up a server with Windows Server 2003 on it. I’d much rather always go for the current operating system (e.g. Server 2008 R2) and if there is some incompatibility then we can work through it. One time this doesn’t apply is when you are setting up a server as a cold backup. This is a benefit of Software Assurance

For each Server License you have with Software Assurance, you have the right to install the same software product on a “cold” backup server for disaster recovery purposes

That means I can have one server waiting unplugged in server room to switch on if it’s twin server goes bang. I needed to build a replica of a particular web server in our company. It has to be exactly the same as the existing one because it is for Disaster Recovery only, therefore, no point in wasting a new licence. Yes the time may come when we have tested enough to get it on the most current OS but when that happens I’ll also update the cold backup.

So, on with the main part of this article. I have to install versions of Apache, MySQL and PHP on Windows (a.k.a. a WAMP server). The original server was set up by a person long gone from the company so it was a chance for me to try something new. I found the whole process really easy thanks to following the article » Beginners Guide: Install PHP 5, MySQL 5 on Apache 2.2 on Windows (with screenshots!) but there were a few tweaks and notes I had to do to get everything singing happily together. Below is the process I went through.

Continue reading WAMP, or installing Apache, MySQL & PHP on Windows Server 2003

How to Migrate Windows Deployment Services to a new Server

When we first started using Windows Deployment Services (WDS) it was installed as a test on our backup server. It came to the point where we wanted to put it on a more permanent server with some built in hardware redundancy. Luckily this was easy to do.

In the following example I migrated WDS from a Windows 2003 R2 x64 server to a Windows 2003 R2 x86 server

Step 1 – Install WDS

Install WDS from the component wizard

  • On the new server open the Add/Remove programs control panel (appwiz.cpl)
  • Click the Add/Remove Windows Components button to open the “Windows Component Wizard”
  • Scroll down the list and tick the “Windows Deployment Services” box
  • After the wizard is completed, set up the WDS as you did on the old server. Make sure you untick the box to “add images” at the end of the wizard.

Continue reading How to Migrate Windows Deployment Services to a new Server