The tool SecurSvc does allow the administrator to modify the default Windows-NT security rights of a service.

It can permit any desired groups or user accounts to control a service (start/stop/pause/resume).

The local administrator group, which is by default controlling all services, can be removed for the service specified.