From s23
Jump to navigation Jump to search

windows commandline stuff


subinacl.exe is in a windows resource kit

allow a restricted (non-admin) user to control a specific service[edit]

for example the OpenVPN service

SUBINACL /SERVICE \\MachineName\ServiceName /GRANT=[DomainName\]UserName[=Access]

C:\Programme\Windows Resource Kits\Tools\subinacl.exe

subinacl /SERVICE "OpenVPNService" /GRANT=fnord=TO

OpenVPNService : new ace for theta\fnord OpenVPNService : 1 change(s)

Elapsed Time: 00 00:00:00 Done: 1, Modified 1, Failed 0, Syntax errors 0 Last Done : OpenVPNService

fnord is the username, TO means the ability to start and stop the service, there are other abilities too:

  F : Full Control
  R : Generic Read
  W : Generic Write
  X : Generic eXecute
  L : Read controL
  Q : Query Service Configuration
  S : Query Service Status
  E : Enumerate Dependent Services
  C : Service Change Configuration
  T : Start Service
  O : Stop Service
  P : Pause/Continue Service
  I : Interrogate Service 
  U : Service User-Defined Control Commands


see WmicAliase