Grant-ServicePermission

Grants permissions for an identity against a service.

Syntax

Grant-ServicePermission -Name <String> -Identity <String> -FullControl [<CommonParameters>]
Grant-ServicePermission -Name <String> -Identity <String> [-QueryConfig] [-ChangeConfig] [-QueryStatus] [-EnumerateDependents] [-Start] [-Stop] [-PauseContinue] [-Interrogate] [-UserDefinedControl] [-Delete] [-ReadControl] [-WriteDac] [-WriteOwner] [<CommonParameters>]

Description

By default, only Administators are allowed to manage a service. Use this function to grant specific identities permissions to manage a specific service.

If you just want to grant a user the ability to start/stop/restart a service using PowerShell's Start-Service, Stop-Service, or Restart-Service cmdlets, use the Grant-ServiceControlPermissions function instead.

Any previous permissions are replaced.

Related Commands

Parameters

Name Type Description Required? Pipeline Input Default Value
Name String The name of the service to grant permissions to. true false
Identity String The identity to grant permissions for. true false
FullControl SwitchParameter Grant full control on the service true false False
QueryConfig SwitchParameter Grants permission to query the service's configuration. false false False
ChangeConfig SwitchParameter Grants permission to change the service's permission. false false False
QueryStatus SwitchParameter Grants permission to query the service's status. false false False
EnumerateDependents SwitchParameter Grants permissionto enumerate the service's dependent services. false false False
Start SwitchParameter Grants permission to start the service. false false False
Stop SwitchParameter Grants permission to stop the service. false false False
PauseContinue SwitchParameter Grants permission to pause/continue the service. false false False
Interrogate SwitchParameter Grants permission to interrogate the service (i.e. ask it to report its status immediately). false false False
UserDefinedControl SwitchParameter Grants permission to run the service's user-defined control. false false False
Delete SwitchParameter Grants permission to delete the service. false false False
ReadControl SwitchParameter Grants permission to query the service's security descriptor. false false False
WriteDac SwitchParameter Grants permission to set the service's discretionary access list. false false False
WriteOwner SwitchParameter Grants permission to modify the group and owner of a service. false false False

EXAMPLE 1

Grant-ServicePermission -Identity FALCON\Chewbacca -Name Hyperdrive -QueryStatus -EnumerateDependents -Start -Stop

Grants Chewbacca the permissions to query, enumerate dependents, start, and stop the Hyperdrive service. Coincedentally, these are the permissions that Chewbacca nees to run Start-Service, Stop-Service, Restart-Service, and Get-Service cmdlets against the Hyperdrive service.