0

I have a Windows service MyService (implemented in C#) that runs as NetworkService. MyService needs to start another third-party service, TheirService, which also runs as NetworkService. The attempt to start TheirService from MyService fails with an access denied error when using this code:

    public static bool StartService(string serviceName, TimeSpan timeout)
    {
        bool started = false;
        try
        {
            using (ServiceController sc = new ServiceController(serviceName))
            {
                if (sc != null)
                {
                    sc.Refresh();
                    if (sc.Status == ServiceControllerStatus.Running)
                    {
                        // Stop service
                        Trace.TraceInformation("Util.StartService Stopping service '{0}'...", serviceName);
                        sc.Stop();
                    }

                    sc.WaitForStatus(ServiceControllerStatus.Stopped, timeout);
                    sc.Refresh();

                    // Start service
                    Trace.TraceInformation("Util.StartService Starting service '{0}'...", serviceName);
                    sc.Start();

                    sc.WaitForStatus(ServiceControllerStatus.Running, timeout);
                    sc.Refresh();

                    started = (sc.Status == ServiceControllerStatus.Running);
                }
            }

        }
        catch (Exception e)
        {
            Trace.TraceError("Util.StartService Exception occurred while starting service '{0}'.\n{1}\n{2}", serviceName, e.Message, e.StackTrace);
        }

        Trace.TraceInformation("Util.StartService Service '{0}' restarted? {1}", serviceName, started);
        return started;
    }

TheirService's SID info:

    C:\>sc showsid TheirService
    NAME: TheirService
    SERVICE SID: S-1-5-80-3034156332-2544749427-1608259134-1317875859-4063208518

Is there a way to start TheirService from MyService programmatically from C#?

EDIT: Goal - As part of MyService installation, I want to be able to restart TheirService.

amo

2 Answers

1

It doesn't matter what the services are set to run as. You need to elevate to an administrator to start / stop a Windows service.

Alternatively, you could grant NetworkService permission to control it, but those grants need to be made by an administrator, perhaps when your service is being installed. It also weakens the security of the 3rd party service since anyone running as NetworkService would be able to restart it, which defeats the least privilege purpose of the NetworkService account.

vcsjones
  • I wouldn't want to compromise security of the existing TheirService service by granting NetworkService permissions to control it. Is there a way I can impersonate LocalSystem or elevate to admin from MyService briefly to restart TheirService? – amo Jul 26 '12 at 20:58
  • @bflat Not that I am aware of. Silent elevation like that would be a security issue. What I would do is run your service as a service account, and then grant your service account access to restart "TheirService". – vcsjones Jul 27 '12 at 01:52
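
One way to make the grant described in the answer and comments above, as an added example that is not code from the question or either answer: run elevated at install time, it appends a single allow ACE (query status, start, stop) to the service's DACL for one specific account SID instead of NetworkService. The `ServiceAcl` class and `GrantRestart` method names are hypothetical, and the SID passed in is assumed to belong to the dedicated account MyService runs as.

```csharp
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.AccessControl;
using System.Security.Principal;
using System.ServiceProcess;

// Hypothetical helper (added example). Must run as an administrator, e.g. from the installer.
static class ServiceAcl
{
    const int DACL_SECURITY_INFORMATION = 0x4;
    // Service-specific access rights from winsvc.h
    const int SERVICE_QUERY_STATUS = 0x0004, SERVICE_START = 0x0010, SERVICE_STOP = 0x0020;

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool QueryServiceObjectSecurity(SafeHandle hService, int secInfo,
        byte[] securityDescriptor, int bufSize, out int bytesNeeded);

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool SetServiceObjectSecurity(SafeHandle hService, int secInfo,
        byte[] securityDescriptor);

    // Example call (account name is a constructed placeholder):
    //   var sid = (SecurityIdentifier)new NTAccount(@"DOMAIN\svc-myservice")
    //                 .Translate(typeof(SecurityIdentifier));
    //   ServiceAcl.GrantRestart("TheirService", sid);
    public static void GrantRestart(string serviceName, SecurityIdentifier sid)
    {
        using (var sc = new ServiceController(serviceName))
        {
            SafeHandle h = sc.ServiceHandle;   // opened with full access; fails if not elevated
            int needed;
            // First call only reports the required buffer size.
            QueryServiceObjectSecurity(h, DACL_SECURITY_INFORMATION, new byte[0], 0, out needed);
            var current = new byte[needed];
            if (!QueryServiceObjectSecurity(h, DACL_SECURITY_INFORMATION, current, current.Length, out needed))
                throw new Win32Exception();

            // Append one allow ACE for this SID only; existing ACEs are left untouched.
            var sd = new RawSecurityDescriptor(current, 0);
            var ace = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed,
                SERVICE_QUERY_STATUS | SERVICE_START | SERVICE_STOP, sid, false, null);
            sd.DiscretionaryAcl.InsertAce(sd.DiscretionaryAcl.Count, ace);

            var updated = new byte[sd.BinaryLength];
            sd.GetBinaryForm(updated, 0);
            if (!SetServiceObjectSecurity(h, DACL_SECURITY_INFORMATION, updated))
                throw new Win32Exception();
        }
    }
}
```

Running `sc sdshow TheirService` before and after shows the DACL in SDDL form, which makes it easy to confirm that only the one ACE was added.
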
1

You would need elevated rights for this service. A hack would be to have an intermediary 'Local System' service which performs what you want and receives commands from your network service.

EDIT: If 'TheirService' can be modified, then you can send it a command from your service and, in turn, it would restart itself based on this answer.

Community
Learner