0

In our old 2003 server, we were able to start and stop services by using a bat file(with net stop and net start commands). When ever the services stops(MQ listner services), we force start an autosys job which will trigger the bat script to start the services.

But after moving to Windows 2012, this set up no longer works and we ended up logging on weekends/nights just to start the services. My ID is part of power users group and I can start/stop the same services on GUI and command line by using Administrator mode. But it is not working with bat script and we get below error message.

System error 5 has occurred.
Access is denied.

How can we tell the script to choose Command prompt(Admin) while running it?

Raghav
  • 21
  • 1
  • 3
  • Why do you need to stop and start the services? – joeqwerty Jun 21 '16 at 11:17
  • If you run `sc.exe sdshow MSMQ` you will see the security descriptor for the service, it is most likely that your scheduled task account does not have permissions to start/stop the service. Access to services is much more restricted since Server 2008. – Peter Hahndorf Jun 21 '16 at 15:47
  • @joeqwerty whenever the application fails to send messages to MQ server, App team requests to restart the services. these are client listener services. – Raghav Jun 21 '16 at 16:44
  • @PeterHahndorf Below the result of sc.exe sdshow servericename `D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)` Now when the i run the script after logging to the server, it will be Authenticated users, so i was able to stop/start the services. But the scheduler (autosys), connects by Service logon user and so it didn't have permissinon to stop/start the services. Is it possible to change the permissions so that Service logon user can also start? – Raghav Jun 21 '16 at 17:01
  • @Raghav - Yes you can change the permissions using: `sc.exe sdset...` but you may need to learn a bit about the whole security descriptor language first. – Peter Hahndorf Jun 21 '16 at 17:58
  • @PeterHahndorf - thank you for the inputs. let me check with our Security team if there will be any security policy violation here. – Raghav Jun 22 '16 at 17:16
  • @PeterHahndorf I have tried this on our server. It took a while for me to convince our people here. But It has worked well. Thank you for your inputs – Raghav Aug 22 '16 at 17:29

0 Answers0