windows-services, permissions, rights

Minimum rights required to run a Windows service as a domain account


Does anyone know what would be the minimum rights I would need to grant to a domain user account in order to run a Windows service as that user?

For simplicity, assume that the service does nothing over and above starting, stopping, and writing to the "Application" event log - i.e. no network access, no custom event logs etc.

I know I could use the built-in Service and NetworkService accounts, but it's possible that I may not be able to use these due to network policies in place.


Solution

  • Two ways:

    1. Edit the properties of the service and set the Log On user. The appropriate right will be automatically assigned.

    2. Set it manually: Go to Administrative Tools -> Local Security Policy -> Local Policies -> User Rights Assignment. Edit the item "Log on as a service" and add your domain user there.
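
To confirm that either method actually assigned the right, the local policy can be exported and checked for the account. The PowerShell below is an added example, not part of the original answer; the account name `CONTOSO\svc-app` is a constructed placeholder, the function names are hypothetical, and it assumes an elevated prompt on PowerShell 5 or later.

```powershell
# Added example. 'CONTOSO\svc-app' is a constructed placeholder; replace it with a real account.
function Get-ServiceLogonRightHolder {
    # Export only the User Rights Assignment area of the local security policy.
    $cfg = Join-Path $env:TEMP ("user-rights-{0}.inf" -f [guid]::NewGuid())
    try {
        secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "secedit export failed (exit code $LASTEXITCODE)" }
        # SeServiceLogonRight is the policy constant behind "Log on as a service".
        $line = Get-Content -Path $cfg |
            Where-Object { $_ -match '^\s*SeServiceLogonRight\s*=' } |
            Select-Object -First 1
    }
    finally {
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
    if (-not $line) { return }   # the right is assigned to nobody

    # Entries are comma-separated; SIDs carry a leading '*', other entries are names.
    foreach ($entry in (($line -split '=', 2)[1] -split ',')) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }
        $sid = $null; $name = '<unresolved>'
        try {
            if ($entry.StartsWith('*')) {
                $sid  = [System.Security.Principal.SecurityIdentifier]::new($entry.Substring(1))
                $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
            } else {
                $sid  = [System.Security.Principal.NTAccount]::new($entry).Translate(
                            [System.Security.Principal.SecurityIdentifier])
                $name = $entry
            }
        } catch { }   # e.g. a deleted account that is still listed in the policy
        [pscustomobject]@{ Entry = $entry; Sid = "$sid"; Name = $name }
    }
}

function Test-ServiceLogonRight {
    param([Parameter(Mandatory)][string]$Account)
    $sid = [System.Security.Principal.NTAccount]::new($Account).Translate(
               [System.Security.Principal.SecurityIdentifier]).Value
    # Direct entries only: a right inherited through group membership is not detected.
    @(Get-ServiceLogonRightHolder | Where-Object Sid -eq $sid).Count -gt 0
}

$account = 'CONTOSO\svc-app'
"{0} holds SeServiceLogonRight directly: {1}" -f $account, (Test-ServiceLogonRight $account)
# Services currently configured to log on as this account.
Get-CimInstance Win32_Service | Where-Object StartName -eq $account |
    Select-Object Name, StartName, State
```

If a domain Group Policy defines "Log on as a service", it replaces the local assignment at the next policy refresh, so re-run the check after a refresh.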