Re: Security necessary to list all services

---

• From: "Bowulf" <bowulf@xxxxxxxxx>
• Date: 23 Feb 2007 06:02:22 -0800

---

On Feb 22, 12:39 am, "Roger Abell [MVP]" <mvpNoS...@xxxxxxx> wrote:

"Bowulf" <bow...@xxxxxxxxx> wrote in message

news:1172073387.277170.213680@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

On Windows 2000 all one had to be to list all services resident was to
be a member of the Power Users group. On Windows Server 2003, that is
no longer sufficient. I can create GPO's or set the ACL for
manipulating individual *known* services, but I need to be assign the
user right to be able to manipulate or simply list all services
without giving local administrator access. What are my options?

As you have implied, it is a little challenging to do this via
Services section of GPO as one needs to have all possible
services in the GPO.

Are you familiar with the sc command?
sc <machine> query
for list of services instanced on the remote <machine>
thence use of sc's sdshow and sdset commands to show
and set the security descriptor for specific services,
using SDDL syntax (search MSDN for SDDL if needed).

Roger

I actually was trying both services.msc and the sc command, and it
failed both ways with an access denied message. It turns out it was
Windows 2003 SP1 issue not a problem with RTM version. Microsoft
changed the security in that version for the services. I discovered
this after a call to Microsoft support (and 2 hours). The problem is
not so much with security or permission to the actual services, but to
the Service Control Manager. Here is the link:
http://support.microsoft.com/kb/907460

Here is the command you have to run:
sc sdset SCMANAGER D:(A;;CCLCRPRC;;;AU)(A;;CCLCRPWPRC;;;SY)
(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)

Thanks for your help.

.

---

• Follow-Ups:
  • Re: Security necessary to list all services
    • From: Roger Abell [MVP]

• References:
  • Security necessary to list all services
    • From: Bowulf
  • Re: Security necessary to list all services
    • From: Roger Abell [MVP]

• Prev by Date: Certificate Service
• Next by Date: Re: Security necessary to list all services
• Previous by thread: Re: Security necessary to list all services
• Next by thread: Re: Security necessary to list all services
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Extended partition new size not shown in My Computer Server 20 ... Microsoft Connect welcome page. ... Am I correct in thinking that there should be a new version of DiskPart ... Further states Windows Server 2003 with service ... The hotfix includes a new Diskpart.exe utility command not currently ... (microsoft.public.windows.file_system) Re: RTFM ... > Rod Engelsman wrote: ... >> for is manipulating text files. ... > on the command line than in a GUI. ... I can see the directory structure, ... (comp.os.linux.misc) Re: RTFM ... > Rod Engelsman wrote: ... >> for is manipulating text files. ... > on the command line than in a GUI. ... I can see the directory structure, ... (alt.os.linux) RE: ADprep question ... The reason you need to run exchange Adprep /Foresteprep is addressed in the ... 314649 Windows Server 2003 adprep /forestprep Command Causes Mangled ... (microsoft.public.windows.server.migration) Requst CLI CMD for Win srv2003/2008 & PowerShell cmd for Exchange ... Windows server 2003/2008 and PowerShell commands for Exchange Server 2007. ... know all the command available in Windows server 2003/2008 and PowerShell ... To use the Active Directory Domains and Trusts snap-in, choose, ... (microsoft.public.windows.server.general)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(13)