How to Start/Stop a Windows Service from an ASP.NET app - Security issues

Question

Here\'s my Windows/.NET security stack:

• A Windows Service running as LocalSystem on a Windows Server 2003 box.
• A .NET 3.5 Website running on the same

Answer 1

To give IIS permission to start/stop a particular service:

• Download and install Subinacl.exe. (Be sure to get the latest version! Earlier versions distributed in some resource kits don't work!)
• Issue a command similar to: subinacl /service {yourServiceName} /grant=IIS_WPG=F

This grants full service control rights for that particular service to the built-in IIS_WPG group. (This works for IIS6 / Win2k3.) YMMV for newer versions of IIS.)