Grants permissions for an identity against a service.
Grant-ServicePermission -Name <String> -Identity <String> -FullControl [<CommonParameters>]
Grant-ServicePermission -Name <String> -Identity <String> [-QueryConfig] [-ChangeConfig] [-QueryStatus] [-EnumerateDependents] [-Start] [-Stop] [-PauseContinue] [-Interrogate] [-UserDefinedControl] [-Delete] [-ReadControl] [-WriteDac] [-WriteOwner] [<CommonParameters>]By default, only Administators are allowed to manage a service. Use this function to grant specific identities permissions to manage a specific service.
If you just want to grant a user the ability to start/stop/restart a service using PowerShell's Start-Service, Stop-Service, or Restart-Service cmdlets, use the Grant-ServiceControlPermissions function instead.
Any previous permissions are replaced.
| Name | Type | Description | Required? | Pipeline Input | Default Value |
|---|---|---|---|---|---|
| Name | String | The name of the service to grant permissions to. |
true | false | |
| Identity | String | The identity to grant permissions for. |
true | false | |
| FullControl | SwitchParameter | Grant full control on the service |
true | false | False |
| QueryConfig | SwitchParameter | Grants permission to query the service's configuration. |
false | false | False |
| ChangeConfig | SwitchParameter | Grants permission to change the service's permission. |
false | false | False |
| QueryStatus | SwitchParameter | Grants permission to query the service's status. |
false | false | False |
| EnumerateDependents | SwitchParameter | Grants permissionto enumerate the service's dependent services. |
false | false | False |
| Start | SwitchParameter | Grants permission to start the service. |
false | false | False |
| Stop | SwitchParameter | Grants permission to stop the service. |
false | false | False |
| PauseContinue | SwitchParameter | Grants permission to pause/continue the service. |
false | false | False |
| Interrogate | SwitchParameter | Grants permission to interrogate the service (i.e. ask it to report its status immediately). |
false | false | False |
| UserDefinedControl | SwitchParameter | Grants permission to run the service's user-defined control. |
false | false | False |
| Delete | SwitchParameter | Grants permission to delete the service. |
false | false | False |
| ReadControl | SwitchParameter | Grants permission to query the service's security descriptor. |
false | false | False |
| WriteDac | SwitchParameter | Grants permission to set the service's discretionary access list. |
false | false | False |
| WriteOwner | SwitchParameter | Grants permission to modify the group and owner of a service. |
false | false | False |
Grant-ServicePermission -Identity FALCON\Chewbacca -Name Hyperdrive -QueryStatus -EnumerateDependents -Start -StopGrants Chewbacca the permissions to query, enumerate dependents, start, and stop the Hyperdrive service. Coincedentally, these are the permissions that Chewbacca nees to run Start-Service, Stop-Service, Restart-Service, and Get-Service cmdlets against the Hyperdrive service.