
January 21, 2014

Granting Non-Admin Users permission to manage specific services

1. Log in as an administrator
2. Install subinacl.exe (http://www.microsoft.com/en-us/download/details.aspx?id=23510)
3. Open a command prompt
4. Navigate to c:\program files (x86)\Windows Resource Kits\Tools\
5. Grant permissions on a particular service. The first line below is the general syntax; the next two are examples:
   - SUBINACL /SERVICE \\MachineName\ServiceName /GRANT=[DomainName\]UserName[=Access]
   - subinacl.exe /service \\localhost\gupdate /GRANT=domain.com\username=F
   - subinacl.exe /service \\localhost\VMTools /GRANT=domain.com\username=F
6. Log out of the administrator account and have the end user log back in.

Valid Access Values
 F : Full Control
 R : Generic Read
 W : Generic Write
 X : Generic eXecute
 L : Read controL
 Q : Query Service Configuration
 S : Query Service Status
 E : Enumerate Dependent Services
 C : Service Change Configuration
 T : Start Service
 O : Stop Service
 P : Pause/Continue Service
 I : Interrogate Service
 U : Service User-Defined Control Commands
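To check what a grant actually gave a user, the service's security descriptor can be decoded back into the access letters listed above. The following PowerShell is an added example, not part of the original post; the function name `Get-ServiceAclReport`, the sample SDDL string and the SIDs in it are constructed for illustration. It also flags entries that include change-configuration or ACL-write rights, which is what `=F` hands out.

```powershell
# Added example: decode a service DACL into the access letters listed on this page.
# Bit values are the standard Windows service access rights.
$ServiceRights = [ordered]@{
    Q = 0x0001   # Query Service Configuration
    C = 0x0002   # Service Change Configuration
    S = 0x0004   # Query Service Status
    E = 0x0008   # Enumerate Dependent Services
    T = 0x0010   # Start Service
    O = 0x0020   # Stop Service
    P = 0x0040   # Pause/Continue Service
    I = 0x0080   # Interrogate Service
    U = 0x0100   # Service User-Defined Control Commands
    L = 0x20000  # Read controL
}
# Rights that allow reconfiguring the service or rewriting its ACL:
# change config (C), WRITE_DAC, WRITE_OWNER
$Sensitive = 0x0002 -bor 0x40000 -bor 0x80000

function Get-ServiceAclReport {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Sddl)
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor($Sddl)
    foreach ($ace in $sd.DiscretionaryAcl) {
        if ($ace -isnot [System.Security.AccessControl.CommonAce]) { continue }
        if ($ace.AceType -ne 'AccessAllowed') { continue }
        $letters = foreach ($k in $ServiceRights.Keys) {
            if ($ace.AccessMask -band $ServiceRights[$k]) { $k }
        }
        [pscustomobject]@{
            Sid       = $ace.SecurityIdentifier.Value
            Mask      = '0x{0:X}' -f $ace.AccessMask
            Letters   = -join $letters
            Sensitive = [bool]($ace.AccessMask -band $Sensitive)
        }
    }
}

# Constructed sample descriptor (SIDs ending -1104 and -1105 are made up).
# On a live system use: ((sc.exe sdshow ServiceName) -join '').Trim()
$sample = 'D:' +
    '(A;;CCLCSWRPWPDTLOCRRC;;;SY)' +
    '(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)' +
    '(A;;LCRPWP;;;S-1-5-21-1111111111-2222222222-3333333333-1104)' +
    '(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-21-1111111111-2222222222-3333333333-1105)'
Get-ServiceAclReport -Sddl $sample | Format-Table -AutoSize
```

Rows marked `Sensitive` for a non-admin SID are the ones to review, since those accounts can alter how the service is configured rather than only start or stop it.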