hi i had the same prob been giving permission to all group that i thought of include the cleaners and it didnt help finally i tried this line in my web config

<identity impersonate="true" userName="Domainname\admin" password="123" />

i have actually solve the problem of on top scenario.

• The service in this case is "MyService" need to set the log on to Local System Account and check Allow service to interact with desktop
• In the IIS Manager, create a Application Pool for the particular website. And load the website in to it.
• The particular Application Pool Identitys need to predefined to Local Syatem

These is what needed in the IIS and services.msc

In the other hand, there will still be error about the MAC address.
So, we need a which can be generate by machineKey Generator.
The machineKey generated is needed to paste at the tag below.

Then copy the whole block of quote below and paste it to the Web.config

<pages buffer="false"
enableViewState="false"
enableSessionState="false"
enableViewStateMac="false"
validateRequest="false"
enableEventValidation="false"
viewStateEncryptionMode ="Never"/>

<machineKey 
validationKey="8FCCB821044C5174C551129400F278B5629C64EAC195046DA5FE608EF418913C1139636E13FE  9F8C35AD3C10C394CAC1D9CEBB8B6BDA018165E91136B1AADBE1"
decryptionKey="3F260119F4CC0A0DD8C6B4979C70644A0ED2DD19B3ADB00F85FB7C83634FC544"
validation="SHA1"
decryption="AES"
/>

And the problem will then be solve, maybe the situation you guys faced may be different but i hope it may help someone as i struggle in this quite a long time.

In addition, i uses this code so there will no conflict when start and stop the services created.

if (service.Status == ServiceControllerStatus.Stopped)
        {

            try
            {
                service.Start();

            }
            catch (Exception ex)
            {
                Response.Write(ex.Message);
            }

        }
        else
        {
            try
            {
                service.Stop();
                service.Start();

            }
            catch (Exception ex)
            {
                Response.Write(ex.Message);
            }

        }

Good Luck and thanks you guys for helping.

ref: http://www.csharp-examples.net/restart-windows-service/
http://forums.asp.net/t/906759.aspx/3/10

with iis (version 6 and higher), web apps are run using an application pool. EAch application pool can run with a specific user (the identity), which is, by default, NETWORK SERVICE. It's a very bad idea to add this user to local administrators.

Possible ways :

• Grants the necessary privilege to start/stop the service to this user, setup an dedicated application pool to use this identity and ensure the account have read access to the asp/.net application path.
• create a dedicated account too. within you application, connect to the service management using a username/password you store securely in the config (crypt the section). I'm not sure if you can specify a user/password with service control, but you can at least, use WMI or Process.Start with a net stop / net start command.

It might help someone with a related issue:

On my server, a powershell commandlet was failing with the same error message. It was because, even if I was logged as the local admin, I needed to run the PowerShell environment as an administrator (right click, run as Administrator).