DSC - Manage user permissions on Windows service

Hey everyone,

Pretty new on DSC sphere, I’m looking for a way to manage permissions on a Windows services. We have daily scheduled tasks running under a dedicated user and this user must be able to restart his own dedicated Windows service (running under the same account as the task). The problem is the following, the team updating the product isn’t able to manage permissions on services on their own, so I would like to have a DSC (if exists) that allow me to grant privileges to certain services. I found Carbon but it’s working only as PS command not DSC implementation. And for the rest found only services creation/delete/state.

Are you aware of anything that can help me on this ?

Thanks a lot for your time :slight_smile:

to whom ? is it another service/user account ?

Grant a user service account the permission to restart a service windows service. (http://woshub.com/set-permissions-on-windows-service/)

In the meantime, I found this : https://docs.microsoft.com/en-us/powershell/dsc/reference/resources/windows/scriptresource Should I go in that direction ?

This sounds more like a PowerShell JEA type of scenario:

https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/jea/overview?view=powershell-6

Would that be an option?

I’m not sure if there is a way to “ACL” a service to allow certain users to stop/start a service.

Mike J