This is a copy of the MMC help and support page on what you wish to know about.
"Services permissions
Each service has special permissions that you can grant or deny for each user or group. You can set permissions for individual services by using Security Templates. For more information about how to do this, see Security Templates.
Services must log on to an account in order to access resources and objects on the operating system. Some services are configured by default to log on to the Local System account, which is a powerful account that has full access to the system. If a service logs on to the Local System account on a domain controller, that service has access to the entire domain. Other services are configured to log on to LocalService or NetworkService accounts, which are special built-in accounts that are similar to authenticated user accounts. These accounts have the same level of access to resources and objects as members of the Users groups. This limited access helps safeguard your system if individual services or processes are compromised.
Services running as the LocalService account access network resources as a null session with no credentials. Services running as the NetworkService account access network resources using the credentials of the machine account.
For more information about how to configure a service, see To configure how a service is started.
Warning: Changing the account under which a service is run might prevent the service from running properly.
The following table lists the individual service permissions that you can apply.
Permission | Allows you to
Full Control | Perform all functions. This permission automatically grants all service permissions to the user.
Query Template | Determine the configuration parameters associated with a service object.
Change Template | Change the configuration of a service.
Query Status | Access information about the status of the service.
Enumerate Dependents | Determine all of the other services that are dependent on the specified service.
Start | Start a service.
Stop | Stop a service.
Pause and Continue | Pause and continue the service.
Interrogate | Report the current status information for the service.
User-Defined Control | Send a user-defined control request, or a request that is specific to the service, to the service.
Delete | Delete a service.
Read Permissions | Read the security permissions assigned to the service.
Change Permissions | Change the security permissions assigned to the service.
Take Ownership | Change a security key or change permission on a service that is not owned by the user.
"
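An added example, not part of the quoted help page: each service's permissions are stored in its security descriptor, which `sc.exe sdshow <service>` prints as an SDDL string. The Python below decodes such a string into the permission names from the table and lists allow entries that give Change Template, Change Permissions or Take Ownership to a trustee outside a trusted set. The trusted set (`SY`, `BA`) and both sample DACLs are assumptions constructed for the example.

```python
import re

# (SDDL code, access-mask bit, permission name as listed in the table above)
RIGHTS = [
    ("CC", 0x00001, "Query Template"),
    ("DC", 0x00002, "Change Template"),
    ("LC", 0x00004, "Query Status"),
    ("SW", 0x00008, "Enumerate Dependents"),
    ("RP", 0x00010, "Start"),
    ("WP", 0x00020, "Stop"),
    ("DT", 0x00040, "Pause and Continue"),
    ("LO", 0x00080, "Interrogate"),
    ("CR", 0x00100, "User-Defined Control"),
    ("SD", 0x10000, "Delete"),
    ("RC", 0x20000, "Read Permissions"),
    ("WD", 0x40000, "Change Permissions"),
    ("WO", 0x80000, "Take Ownership"),
]
ALL = sum(bit for _, bit, _ in RIGHTS)  # every bit set corresponds to Full Control
RISKY = {"Change Template", "Change Permissions", "Take Ownership"}
TRUSTED = {"SY", "BA"}  # assumption: Local System and built-in Administrators

def decode(rights):
    """Turn an ACE rights field (letter codes or hex mask) into permission names."""
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
    else:
        codes = re.findall("..", rights)      # SDDL right codes are two letters each
        mask = ALL if "GA" in codes else 0    # GA = generic all
        mask |= sum(bit for code, bit, _ in RIGHTS if code in codes)
    return [name for _, bit, name in RIGHTS if mask & bit]

def risky_grants(sddl):
    """Return {trustee: [risky permissions]} for allow ACEs to untrusted trustees."""
    dacl = sddl.split("D:", 1)[1].split("S:", 1)[0]   # keep only the DACL part
    found = {}
    for ace in re.findall(r"\(([^)]*)\)", dacl):
        ace_type, _flags, rights, _obj, _inherit, trustee = ace.split(";")[:6]
        hits = [p for p in decode(rights) if p in RISKY]
        if ace_type == "A" and trustee not in TRUSTED and hits:
            found.setdefault(trustee, []).extend(hits)
    return found

# Constructed sample DACLs in the form printed by "sc.exe sdshow <service>".
DEFAULT_LIKE = "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)"
WEAK = "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPLOCRRC;;;AU)"

if __name__ == "__main__":
    for label, sd in (("default-like", DEFAULT_LIKE), ("weak", WEAK)):
        print(label, risky_grants(sd))
```

Conditional ACEs and hex masks that carry generic-access bits are outside what this decoder handles.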