Mister X Mister X - 10 months ago 57
C++ Question

Start Windows Service From Application without Admin right(c++)

I wrote a windows service (and it runs fine). Now i have a separate app where I want to start this service from, but it seems this is not possible without administrator rights.

How would a proper solution look like that a user can start/stop the service (e.g. from a tray or application)

IMHO its bad that the application must always be started with administrator rights.


You just need to change the permissions on the service object, preferably at the same time you install it.

wchar_t sddl[] = L"D:"
  L"(A;;CCLCSWRPWPDTLOCRRC;;;SY)"           // default permissions for local system
  L"(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"   // default permissions for administrators
  L"(A;;CCLCSWLOCRRC;;;AU)"                 // default permissions for authenticated users
  L"(A;;CCLCSWRPWPDTLOCRRC;;;PU)"           // default permissions for power users
  L"(A;;RP;;;IU)"                           // added permission: start service for interactive users


if (!ConvertStringSecurityDescriptorToSecurityDescriptor(sddl, SDDL_REVISION_1, &sd, NULL))

if (!SetServiceObjectSecurity(service, DACL_SECURITY_INFORMATION, sd))

I'm assuming here you've already opened the service handle. You need WRITE_DAC permission.

If you also want non-admin users to be able to stop the service, add the WP right, i.e.,

  // added permissions: start service, stop service for interactive users

SDDL codes for service rights can be found in Wayne Martin's blog entry, Service Control Manager Security for non-admins.