After you configure a group policy to set permissions on a service, the service in Control Panel may not function properly. If you try to open the service properties, you may receive the following error message:
Unable to open service DNS Server for reading on Local Computer. Error 5: Access is Denied.
In addition, if you type net start "service" at the command line, you may receive the following error message:
System Error 5 has occurred
Access is Denied
This behavior occurs because you need the following permissions to open the properties of a service, and to stop, start, or pause a service:
Stop, Start, and Pause
NOTE: This is also true when using net commands at the command line.
To resolve this issue, reapply the policy and give the user the correct permissions.
For additional information about how to apply a system service security policy correctly, click the article number below to view the article in the Microsoft Knowledge Base:
256345 Configuring Group Policies to Set Security for System Services
Microsoft has confirmed this to be a problem in Microsoft Windows 2000.
When you add a user through Group Policy Editor in the System Service Security Policy, the default permissions are start, stop, and pause.
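The following is an added example, not part of the original article and not Microsoft's code: it parses a service security descriptor in SDDL form (as printed by sc sdshow) and lists the rights a trustee still lacks to open the service for reading and to start, stop, or pause it. The SID and SDDL string are constructed, and treating "read" as the generic-read set for services is an assumption.

```python
import re

# SDDL two-letter codes as they apply to service objects (winsvc.h names).
CODES = {
    "CC": "SERVICE_QUERY_CONFIG", "DC": "SERVICE_CHANGE_CONFIG",
    "LC": "SERVICE_QUERY_STATUS", "SW": "SERVICE_ENUMERATE_DEPENDENTS",
    "RP": "SERVICE_START", "WP": "SERVICE_STOP",
    "DT": "SERVICE_PAUSE_CONTINUE", "LO": "SERVICE_INTERROGATE",
    "CR": "SERVICE_USER_DEFINED_CONTROL", "RC": "READ_CONTROL",
    "SD": "DELETE", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
}
# Assumption: "read" is the generic-read set for services; the control
# rights are the Start, Stop and Pause permissions the article names.
READ = {"READ_CONTROL", "SERVICE_QUERY_CONFIG", "SERVICE_QUERY_STATUS",
        "SERVICE_ENUMERATE_DEPENDENTS", "SERVICE_INTERROGATE"}
CONTROL = {"SERVICE_START", "SERVICE_STOP", "SERVICE_PAUSE_CONTINUE"}

def effective_rights(sddl, trustee):
    """Rights the DACL gives one trustee (SID string or SDDL alias).
    Simplified: deny ACEs always win; group membership and hex masks
    are not resolved."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if dacl is None:
        return set()
    allow, deny = set(), set()
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1)):
        fields = ace.split(";")
        if len(fields) != 6 or fields[5] != trustee:
            continue
        rights = {CODES[c] for c in re.findall("..", fields[2]) if c in CODES}
        if fields[0] == "A":
            allow |= rights
        elif fields[0] == "D":
            deny |= rights
    return allow - deny

def missing_rights(sddl, trustee):
    """Rights still needed to open the service and start/stop/pause it."""
    return sorted((READ | CONTROL) - effective_rights(sddl, trustee))

# Constructed sample: a user ACE holding only Start, Stop and Pause.
USER = "S-1-5-21-1111111111-2222222222-3333333333-1104"
SAMPLE = ("D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
          "(A;;CCLCSWRPWPDTLORC;;;SY)(A;;RPWPDT;;;" + USER + ")")

if __name__ == "__main__":
    print(missing_rights(SAMPLE, USER))
```

An empty list means the trustee's own ACEs cover both the read and the control rights; rights inherited through group membership are not considered.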
If you are unable to change permissions through a policy because the policy is not applied, see the following Microsoft Knowledge Base article:
257247 Policy Changing System Service Permissions Does Not Apply