I need to be able to grant a user permissions to restart a single service on a Windows server without giving them administrative rights or rights to restart any other services.
I also need them to be able to install a single program via the CMD line but no other programs. I can give them admin access to the folder where the program will be installed but i need to somehow give them permissions to register the DLLs for the service without giving them admin access.
Is this possible?
Granting permissions to restart a service is easily possible with SetACL (example). You do not have to log on interactively to restart a service, you can simply use the services management console to connect remotely.
I am not entirely sure, but I think that for installing programs you need to be a member of the group "Administrators".
While I am not a Windows admin, but rather a developer, this is my suggestion: try setting the "Log on as" to the users account in the Log On tab of the service properties. This works for me when I want access to a service without administrator privileges, or if I need a service to interact with my account.