How to Allow Non-Admin To Start And Stop System Services

Step 1 – Create the Console

Ø  Click Start > Run (or press WIN + R) and type “mmc.exe”

Ø  This opens an empty Microsoft Management Console. Click File > Add/Remove Snap-in… (Ctrl+ M)

Ø  Scroll down the list of available Snap-ins and select Security Configuration and Analysis

Ø  Click Add

Ø  Next select Security Templates

Ø  Click Add

Ø  Click OK

 

  Step 2 – Create a blank Security Template

Ø  Right-click Security Templates from the console tree and select New Template Search Path.

Ø  Browse to C:\temp, or other local path, and click OK

Ø  Right-click C:\temp from the console tree and select New Template

Give the new template a name,

E.g. Windows Services. It doesn’t matter what you use.

Ø  The Description is optional but may be useful if you want to re-use it

Ø  Click OK and you will see the new template appear in the console

 

Step 3 – Create a Security Database

Ø Right-click Security Configuration and Analysis from the console tree and select Open Database

                      Ø Browse to C:\temp, or other local path, and type a name in the box

E.g. Security

Ø  Click OK. This creates an Security.sdb file that is used to apply the changes

Ø  An Import Template window appears.

Browse to C:\temp\ Windows Services.inf and select Open. This applies the template with all the local services to the database

Ø  If you get the error “The database you are attempting to open does not exist.” then you need to choose a different path i.e. on a local disk

Ø  Right-click Security Configuration and Analysis from the console tree and select Analyze Computer

Ø  Click OK to accept the default log file path

Ø  You will then be presented with something that looks very similar to the Group Policy Editor or Local Security Policy Console.

 

                       

Step 4 Change Service Permissions

Ø  Double-Click System Services

Ø  Scroll down to find these 3 services which you need to change Service

Ø  Double-Click the service

Ø  Tick the box Define this policy in the database

Ø  Click the Edit Security button

Ø  Select or add user And Allow Full Control.

Ø  Click OK on the Service Properties to bring you back to the console

Ø  You’ll notice the Service now has an ‘x’ on it and Investigate message on the Permission column. This is because the new permissions we’ve chosen conflict with what is on the local computer.

 

Step 5 – Apply new Security Permissions

Ø  Right-click Security Configuration and Analysis from the console tree and select Configure Computer.

Ø  Click OK to accept the default log file path.

Ø  This will apply the new custom permissions to the local computer

Ø  You can now test it out on the server with the  account and test it works.