Allow Server Operators to use AT command

by Wayne Maples [Published on 20 April 2004 / Last Updated on 20 April 2004]

Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Control\Lsa
Name: SubmitControl
Type: REG_DWORD
Value: 1

On a Domain Controller, the server operator accounts must be added to the Server Operators group. On a member server or a stand-alone server, they must be added to the local Administrators group. There is no way to allow anyone not in such powerful groups to issue AT commands. Scheduled tasks are run in the security context of the Schedule service which often is allowed to execute as SYSTEM. Adding users to such powerful groups is NOT recommended. Third-party products are better approach if they do not also run as operating system powerful account.

Featured Links