• Skip to primary navigation
  • Skip to main content

Josh Withee

  • Home
  • Blog
  • Contact
  • Show Search
Hide Search

Create a Windows User to Run a Service Under

Josh Withee · March 16, 2019 · Leave a Comment

Create a user in cmd
net user <user_account> <password> /add
Add user to a group
net localgroup <group> <user_account> /add
Grant read/write/execute permission to the user for the app’s folder
icacls "<appdirectory>" /grant <user_account>:<permission_flags> /t
<user_account> The user account (SID).
<app_directory> The path of the folder containing the app.
<permission_flags> Sets the access permissions.
  • (OI): The Object Inherit flag propagates permissions to subordinate files
  • (CI): The Container Inherit flag propagates permissions to subordinate folders
  • (W): Write
  • (R): Read
  • (X): Execute
  • (F): Full
  • (M): Modify
/t Apply recursively to existing subordinate folders and files.
Example:
icacls "C:/myAppFolder/" /grant AppUser:(OI)(CI)(F) /t
Create the service and assign the user to it (Note: the space after each “=” is required)
sc create <service_name> binPath= "<executable_path>" obj= "<domain>\<user_account>" password= "<password>"
sc Execute the sc.exe command-line tool.
<service_name> The name to assign to the service in Service Control Manager.
<executable_path> The path of the service executable.
<domain> The domain of a domain-joined machine. If the machine isn’t domain-joined, the local machine name.
<user_account> The user account under which the service runs.
<password> The user account password.

Related

Uncategorized cmd, Windows Service, Windows User

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Copyright © 2023