I need to grant a specific account SERVICE_START permissions for a given Windows service.

There seem to be some methods for doing so here, but I would prefer a method that's native to PowerShell and doesn't require external tools, e.g. by using the Get/Set-ACL cmdlets or calling some .NET API.

Does someone know how to do it in that fashion? Thanks in advance.

+1  A: 

I think for this you should look into using subinacl.exe, which you can download here. On the download site it is described as:

SubInACL is a command-line tool that enables administrators to obtain security information about files, registry keys, and services, and transfer this information from user to user, from local or global group to group, and from domain to domain.

Using it from PowerShell appears to be pretty easy:

SUBINACL /verbose=1 /service Spooler /grant=PC\Joe=LQSTOP

Check out this article on using subinacl that Mark Minasi wrote.

Keith Hill
Thanks Keith. While this is helpful, it's not officially supported by Windows Server 2008 and later, which makes it ineligible in our data center. Thanks anyway!
Ariel
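
An added example, not part of the answer or comments above: one way to grant only SERVICE_START without SubInACL, by editing the service's SDDL with the .NET `RawSecurityDescriptor` class. Assumptions: the function name `Grant-ServiceStart` is hypothetical, the session is elevated, and `sc.exe` (which ships with Windows) is used to read and write the descriptor.

```powershell
# Added example: grant SERVICE_START on one service to one account.
function Grant-ServiceStart {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $ServiceName,
        [Parameter(Mandatory)] [string] $Account      # e.g. 'PC\Joe'
    )
    $SERVICE_START = 0x0010   # service access right; SDDL code "RP"

    # Resolve the account name to a SID; throws if the name is unknown.
    $sid = ([System.Security.Principal.NTAccount]$Account).Translate(
        [System.Security.Principal.SecurityIdentifier])

    # Read the current security descriptor as SDDL (assumes elevation).
    $sddl = (& sc.exe sdshow $ServiceName | Where-Object { $_.Trim() }) -join ''
    if ($LASTEXITCODE -ne 0) { throw "sc.exe sdshow failed for '$ServiceName': $sddl" }

    $sd   = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddl
    $dacl = $sd.DiscretionaryAcl
    if ($null -eq $dacl) { throw "Service '$ServiceName' has no DACL; refusing to edit." }

    # Idempotence: stop if an allow ACE for this SID already carries the right.
    foreach ($ace in $dacl) {
        if ($ace -is [System.Security.AccessControl.CommonAce] -and
            $ace.AceQualifier -eq 'AccessAllowed' -and
            $ace.SecurityIdentifier.Equals($sid) -and
            ($ace.AccessMask -band $SERVICE_START)) {
            Write-Verbose "$Account already has SERVICE_START on $ServiceName"
            return
        }
    }

    # Append one allow ACE holding only SERVICE_START. Appending keeps any
    # existing deny ACEs ahead of it, so canonical ACE order is preserved.
    $newAce = New-Object System.Security.AccessControl.CommonAce(
        [System.Security.AccessControl.AceFlags]::None,
        [System.Security.AccessControl.AceQualifier]::AccessAllowed,
        $SERVICE_START, $sid, $false, $null)
    $dacl.InsertAce($dacl.Count, $newAce)

    # Write back every section sdshow returned, with only the DACL changed.
    $newSddl = $sd.GetSddlForm([System.Security.AccessControl.AccessControlSections]::All)
    if ($PSCmdlet.ShouldProcess($ServiceName, "sc.exe sdset $newSddl")) {
        & sc.exe sdset $ServiceName $newSddl | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "sc.exe sdset failed for '$ServiceName'" }
    }
}
```

Running `Grant-ServiceStart -ServiceName Spooler -Account 'PC\Joe' -WhatIf` shows the SDDL that would be written without changing the service, which is a useful check before applying it. Keeping a copy of the original `sc.exe sdshow` output lets you restore the descriptor if needed.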