How to change service security permissions?  Download
This page contains a Delphi example that shows how to change security settings for a service. The code below configures the Alerter service so that only administrator has the full access to it. Everyone else can only read service properties and start the service if it is not yet running. This example utilizes TNTServiceManager component. The source code below creates and destroys the component on the fly, so this code may be used in UI- and console- type applications. 

program service_change_security;

{$APPTYPE CONSOLE}

uses
  Windows, SysUtils, NTServiceMan, NTException, AbstrSec, WinSVC;

var
  ServiceMan: TNTServiceManager;
  List: TAccessList;
  Mask: DWORD;
begin
  ServiceMan := TNTServiceManager.Create(nil);
  try
    // Uncomment this block to configure service on remote host 
    // ServiceMan.LogonAs.UserName := 'MyDomain\MyUserName'; 
    // ServiceMan.LogonAs.Password := 'MyPassword'; 
    // if TargetHost <> '' then ServiceMan.MachineName := '\\'+ TargetHost; 
    // if (ServiceMan.MachineName <> '') and (ServiceMan.ConnectIPC <> 0) then 
    //  writeln('Warning: could not use the provided credentials.'); 

    ServiceMan.ServiceName := 'Alerter';
    try
      ServiceMan.ActiveManager := true;
      ServiceMan.ServiceAccess := SERVICE_QUERY_CONFIG or SERVICE_CHANGE_CONFIG;
      ServiceMan.ActiveService := true;
      List := ServiceMan.AccessList;
      List.BeginUpdate;
      try
        // give Administrator full access, everyone else can 
        // only read properties and start the service 
        List.Clear;
        Mask := SERVICE_QUERY_CONFIG or SERVICE_START or READ_CONTROL;
        List.Add('Everyone', Mask, [], actAccessAllowed);
        Mask := SERVICE_ALL_ACCESS;
        List.Add('Administrator', Mask, [], actAccessAllowed);
      finally
        List.EndUpdate;
      end;

    except
      On e: ENTException do
      begin
        writeln(e.message);
      end;
    end;
  finally
    ServiceMan.Free;
  end;
end.