Add user to a group
net user <user_account> <password> /add
Grant read/write/execute permission to the user for the app’s folder
net localgroup <group> <user_account> /add
icacls "<appdirectory>" /grant <user_account>:<permission_flags> /t
<user_account>The user account (SID).
<app_directory>The path of the folder containing the app.
<permission_flags>Sets the access permissions.
(OI): The Object Inherit flag propagates permissions to subordinate files
(CI): The Container Inherit flag propagates permissions to subordinate folders
/tApply recursively to existing subordinate folders and files.
Create the service and assign the user to it (Note: the space after each “=” is required)
icacls "C:/myAppFolder/" /grant AppUser:(OI)(CI)(F) /t
sc create <service_name> binPath= "<executable_path>" obj= "<domain>\<user_account>" password= "<password>"
scExecute the sc.exe command-line tool.
<service_name>The name to assign to the service in Service Control Manager.
<executable_path>The path of the service executable.
<domain>The domain of a domain-joined machine. If the machine isn’t domain-joined, the local machine name.
<user_account>The user account under which the service runs.
<password>The user account password.