Grant-ServicePermission

Grants permissions for an identity against a service.

Syntax

Grant-ServicePermission -Name <String> -Identity <String> -FullControl [<CommonParameters>]
Grant-ServicePermission -Name <String> -Identity <String> [-QueryConfig] [-ChangeConfig] [-QueryStatus] [-EnumerateDependents] [-Start] [-Stop] [-PauseContinue] [-Interrogate] [-UserDefinedControl] [-Delete] [-ReadControl] [-WriteDac] [-WriteOwner] [<CommonParameters>]

Description

By default, only Administators are allowed to manage a service. Use this function to grant specific identities permissions to manage a specific service.

If you just want to grant a user the ability to start/stop/restart a service using PowerShell's Start-Service, Stop-Service, or Restart-Service cmdlets, use the Grant-ServiceControlPermissions function instead.

Any previous permissions are replaced.

Related Commands

Parameters

Name Type Description Required? Pipeline Input Default Value
Name String

The name of the service to grant permissions to.

true false
Identity String

The identity to grant permissions for.

true false
FullControl SwitchParameter

Grant full control on the service

true false False
QueryConfig SwitchParameter

Grants permission to query the service's configuration.

false false False
ChangeConfig SwitchParameter

Grants permission to change the service's permission.

false false False
QueryStatus SwitchParameter

Grants permission to query the service's status.

false false False
EnumerateDependents SwitchParameter

Grants permissionto enumerate the service's dependent services.

false false False
Start SwitchParameter

Grants permission to start the service.

false false False
Stop SwitchParameter

Grants permission to stop the service.

false false False
PauseContinue SwitchParameter

Grants permission to pause/continue the service.

false false False
Interrogate SwitchParameter

Grants permission to interrogate the service (i.e. ask it to report its status immediately).

false false False
UserDefinedControl SwitchParameter

Grants permission to run the service's user-defined control.

false false False
Delete SwitchParameter

Grants permission to delete the service.

false false False
ReadControl SwitchParameter

Grants permission to query the service's security descriptor.

false false False
WriteDac SwitchParameter

Grants permission to set the service's discretionary access list.

false false False
WriteOwner SwitchParameter

Grants permission to modify the group and owner of a service.

false false False

EXAMPLE 1

Grant-ServicePermission -Identity FALCON\Chewbacca -Name Hyperdrive -QueryStatus -EnumerateDependents -Start -Stop

Grants Chewbacca the permissions to query, enumerate dependents, start, and stop the Hyperdrive service. Coincedentally, these are the permissions that Chewbacca nees to run Start-Service, Stop-Service, Restart-Service, and Get-Service cmdlets against the Hyperdrive service.