ServiceController Shutting down IIS Security Access

Question

Hi Folks,

I am using the ServiceController class to remotely shutdown IIS from a C# Assembly. I was wondering what is the least level of privlidges I need to do this over the network, in my current testing I am using Administrator and it works fine, but when I migrate thru to Production I will be using an AD group and need to give it the correct level of security?

           // Make a call to IIS to shutdown the service. 
           ServiceController sc = new ServiceController(serviceName, serverName);

            //Can we stop the service
           if (sc.CanStop)
           {
               //Stop it
               sc.Stop();
           }

Cheers, Conor

Answer 1

Hi

Windows services are secured by access control lists (ACLs). These are the same as file access contol lists used to secure files, directories, registry keys etc.

If your AD user doesn't already have sufficient permissions over the service you are controlling, you need to arrange for the appropriate permission (i.e. SERVICE_STOP) to be granted prior to (or as part of) deployment to Production.

Command-line tools such as SUBINACL can be used to manipulate ACLs on Windows services.