Re: Security necessary to list all services

---

• From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
• Date: Wed, 21 Feb 2007 23:39:51 -0700

---

"Bowulf" <bowulf@xxxxxxxxx> wrote in message
news:1172073387.277170.213680@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

On Windows 2000 all one had to be to list all services resident was to
be a member of the Power Users group. On Windows Server 2003, that is
no longer sufficient. I can create GPO's or set the ACL for
manipulating individual *known* services, but I need to be assign the
user right to be able to manipulate or simply list all services
without giving local administrator access. What are my options?

As you have implied, it is a little challenging to do this via
Services section of GPO as one needs to have all possible
services in the GPO.

Are you familiar with the sc command?
sc <machine> query
for list of services instanced on the remote <machine>
thence use of sc's sdshow and sdset commands to show
and set the security descriptor for specific services,
using SDDL syntax (search MSDN for SDDL if needed).

Roger


.

---

• Follow-Ups:
  • Re: Security necessary to list all services
    • From: Bowulf

• References:
  • Security necessary to list all services
    • From: Bowulf

• Prev by Date: Re: Problems with NTP on Win2003
• Next by Date: Re: Security Event Log
• Previous by thread: Security necessary to list all services
• Next by thread: Re: Security necessary to list all services
• Index(es):
  • Date
  • Thread

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.windows.server.security  > 2007-02