[stunnel-users] protect the private key, while running stunnel in server mode as a windows service

Hi, I have stunnel in server mode running as a windows service on a Win2003 Server system. I need to give this system to a different company for testing their client against our server. How do I protect my private key on stunnel, while letting the 3rd company being able to login as administrator on stunnel's win2003 system and start/stop stunnel service?

I know one can protect the private key with a passphrase in stunnel, but that does not serve my purpose as stunnel in this case should be able to start/stop without any user-intervention and I cannot store the passphrase in cleartext.

thanks , ss