Dangerous Things
Custom gadgetry for the discerning hacker

The Store is now open! Check out the gadgetry »
Like what you're reading?
Share It.

Granting non-admin account perms to start/stop Windows services

This is something I learned a long time ago but forgot and actually had to google to find again. Sometimes you want a certain local or domain account to have the right to start or stop a specific service, but not give the account admin privileges or even access to other system services. To do this, use a security template to configure system services ACLs:

– Create a new custom mmc with Security Templates and Security Configuration and Analysis snap-ins. (Go to Start > Run, type mmc, press enter, add the snap-ins from the menu)

– Expand Security Templates and right click on C:\Windows\security\templates, select New Template. Give a name to the template and click OK.

– Select the template that you just created from left panel of the mmc, expand it and select System Services.

– Double click the service you want to delegate permissions on from the right pane of the MMC. Tick the check box to “Define this policy setting in the template”. Click “Edit Security” button. Add the account that you wish to delegate permission for and make sure to check the box to allow “Start, stop and pause” permission. Click OK twice.

– Right click on the template that you just configured and click Save.

– Right click on Security Configuration and Analysis from left pane of of the mmc window and select Open Database. Give the database a name
and select Open.

– Select the template you just configured when prompted to import the template.

– Right click on Security Configuration and Analysis from left pane of of the mmc window again, select Configure Computer Now.

Leave a Reply

Get Adobe Flash player