I am looking to make a user from the command line with minimal rights to run a service. cmd.exe or powershell.exe are both options, but cmd.exe is preferable. So far I got this:
net user /add testUser227e5910-d1ac-11df-bd3b-0800200c9a66
net localgroup Users testUser /delete
The next step is to grant this user the right of "Log On As a Service". I can't seem to figure out how to do this. This is for a blog article, so I want a solution that applies to Windows XP, 2003, 2008, 2008R2, Vista and Windows 7.
You need to install ntrights from the Windows resource kit : http://support.microsoft.com/kb/315276
ntright +r SeServiceLogonRight -u testUser