Which user permission does a service need to start/stop other services?

Question

I've wrote a service that should start/stop other services. This is the code I'm using:

ServiceController sc = new ServiceController("servicename");
if(sc.Status != ServiceControllerStatus.Running)
{
    sc.Start();
}

This is the callstack of the exception. (Sorry, but the message is localized in german, but that's not relevant for understanding my problem)

System.InvalidOperationException: Der Dienst SCardSvr kann nicht auf dem

Computer . geöffnet werden. ---> System.ComponentModel.Win32Exception: Zugriff verweigert
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.ServiceProcess.ServiceController.GetServiceHandle(Int32 desiredAccess)
bei System.ServiceProcess.ServiceController.Start(String[] args)
bei System.ServiceProcess.ServiceController.Start()

Currently I'm running the service under 'Networkservice'. I guess that account does not suffice the necessary user rights.
I'm going to create a new user that the most minimal permission required to start/stop arbitrary serivces.
What permissions does this new useraccount need?

Answer 1

Does it need to be able to start and stop arbitrary services, or a specific set?

For more fine grained control you can set permissions against a specific service. See http://msmvps.com/blogs/erikr/archive/2007/09/26/set-permissions-on-a-specific-service-windows.aspx?CommentPosted=true#commentmessage

Members of the 'power users' group have some ability to start and stop services. See http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/windows_security_default_settings.mspx?mfr=true