Allow an unprivileged domain user to start and stop services on a Windows server

Use case: You have a script server that does recurring scheduled administrative tasks for you. One of these is to regularly restart a remote machine’s service “greatservice1”.

  1. create a domain user “yourdomain\script-user-1”
  2. use subinacl from the Windows Resource Kit to grant that user the right to start and stop the “greatservice1” service on the remote server:
  3. write a basic Powershell script that restarts the service, like for example:

  4. schedule the script for daily execution

References:

  • https://www.microsoft.com/en-us/download/details.aspx?id=23510
  • https://support.microsoft.com/en-us/kb/325349