How to Start/Stop a Windows Service from an ASP.NET app - Security issues

Question

Here\'s my Windows/.NET security stack:

• A Windows Service running as LocalSystem on a Windows Server 2003 box.
• A .NET 3.5 Website running on the same

Answer 1

Update for IIS 8 (and maybe some slightly earlier versions)

The usergroup IIS_WPG does not exist anymore. It has changed to IIS_IUSRS.

Also, to start stop a service it is not neccesary to give full permissions (F). Permissions to start, stop and pause a service (TOP) should be enough. As such the command should be:

subinacl /service {yourServiceName} /grant=IIS_IUSRS=TOP

Note that you need to point the command prompt (preferably elevated to run as administrator) to C:\Windows\System32 Folder before running this command.

Also make sure that you have copied the subinacl.exe file to C:\Windows\System32 from the installation directory if there is an error.