Remember when you use the Services plug-in with in a MMC console (such as
Computer Management - Services and Applications - Services) or a
ServiceController object, you are actually talking to the SCM (Service
Control Manager). My understanding is that the SCM runs under a system
account with elevated authorities. The SCM then talks to your service which
is running under the account that you configured it to run under.
So the service itself only knows specifically what account it is, not the
originating request. Seeing as this originating request may be either a
local or remote request, performed in either a local desktop, remote
desktop, COM+, .NET Remoting, IIS, or other context. I not seeing any way to
know who actually made the request.
What you might (*might*) be able to do is use RegEdit to deauthorize (Deny)
normal users to the registry key that defines the service itself, however I
have not tried it. I'm not sure if I would try it, without further