Each service has special permissions that you can grant or deny for each user or group. You can set permissions for individual services by using Security Templates. For more information about how to do this, see Security Templates
Services must log on to an account in order to access resources and objects on the operating system. Some services are configured by default to log on to the Local System account, which is a powerful account that has full access to the system. If a service logs on to the Local System account on a domain controller, that service has access to the entire domain. Other services are configured to log on to LocalService or NetworkService accounts, which are special built-in accounts that are similar to authenticated user accounts. These accounts have the same level of access to resources and objects as members of the Users groups. This limited access helps safeguard your system if individual services or processes are compromised.
Services running as the LocalService account access network resources as a null session with no credentials. Services running as the NetworkService account access network resources using the credentials of the machine account.
For more information about how to configure a service, see To configure how a service is started
The following table lists the individual service permissions that you can apply.