Start a windows service without elevation

service elevated-privileges
Be.St. picture Be.St. · Mar 19, 2013 · Viewed 13.3k times · Source

I have a windows service "Service1" configured to log on as "Local Service".

I built a console application to start it programmatically.

        var service = new ServiceController("Service1");
        service.Start();

I know that if I run the ConsoleApplication1 from an administrator command prompt it starts smoothly.

And if I run it without elevation I get an:

System error 5 has occurred.

Access is denied.

But, I need to start it without elevation.

Is it possible, or I have to change the way to achieve this?

Answer

Bill_Stewart picture Bill_Stewart · Mar 19, 2013

You can set the ACL for the service itself to allow this. The SetACL.exe utility makes this (somewhat) straightforward; e.g.:

SetACL.exe -on "MyService" -ot srv -actn ace -ace "n:S-1-5-32-545;p:start_stop"

This allows members of the Users group (S-1-5-32-545) to start and stop MyService.

Related questions

How to check if a particular service is running on Ubuntu

I do not know the service's name, but would like to stop the service by checking its status. For example, if I want to check if the PostgreSQL service is running or not, but I don't know the service's name, …

Read More
How SID is different from Service name in Oracle tnsnames.ora

Why do I need two of them? When I have to use one or another?

Read More
Start service in Android

I want to call a service when a certain activity starts. So, here's the Service class: public class UpdaterServiceManager extends Service { private final int UPDATE_INTERVAL = 60 * 1000; private Timer timer = new Timer(); private static final int NOTIFICATION_EX = 1; private NotificationManager notificationManager; …

Read More