net user <user_account> <password> /add
Add user to a group
net localgroup <group> <user_account> /add
Grant read/write/execute permission to the user for the app’s folder
icacls "<appdirectory>" /grant <user_account>:<permission_flags> /t
<user_account>
The user account (SID). <app_directory>
The path of the folder containing the app. <permission_flags>
Sets the access permissions. (OI)
: The Object Inherit flag propagates permissions to subordinate files(CI)
: The Container Inherit flag propagates permissions to subordinate folders(W)
: Write(R)
: Read(X)
: Execute(F)
: Full(M)
: Modify
/t
Apply recursively to existing subordinate folders and files. Example:
icacls "C:/myAppFolder/" /grant AppUser:(OI)(CI)(F) /t
Create the service and assign the user to it (Note: the space after each “=” is required)
sc create <service_name> binPath= "<executable_path>" obj= "<domain>\<user_account>" password= "<password>"
sc
Execute the sc.exe command-line tool. <service_name>
The name to assign to the service in Service Control Manager. <executable_path>
The path of the service executable. <domain>
The domain of a domain-joined machine. If the machine isn’t domain-joined, the local machine name. <user_account>
The user account under which the service runs. <password>
The user account password.
Leave a Reply