Re: Why would services.msc & services.exe be "Access Denied" in WinXP?

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 11/06/05 

Date: Sun, 6 Nov 2005 13:25:29 -0600

Hmm. Your permissions look fine for services.msc. and there are no deny
permissions assuming you were looking at the services.msc in the
\windows\system32 folder. The advanced tab is for defining special
permissions which allows more granular control of NTFS permissions but those
permissions look fine also. What is the exact error you get when you are
denied access and when you look in the application log via Event Viewer in
Computer Management are there any warnings [Software Restriction Policies,
etc] that may be related to running services.msc?? If you can run rsop.msc
do so and check to see if you have any Group Policy restrictions configured
particularly under administrative templates/Windows components/Microsoft
Management Console and administrative templates/system. Beyond that I would
use the filemon tool to try and track down where access is being
enied. --- Steve

"Susan Sharm" <susanshaarm@yahoo.com> wrote in message
news:1131299518.890426.236320@g43g2000cwa.googlegroups.com...
> Steven L Umbach wrote:
>> If you see no security tab then you will have to disable simple
>> file sharing by opening Windows Explorer and then selecting tools/folder
>> options/view - use simple file sharing that you would want to uncheck.
>
> Thanks again Steven for the wonderful advice (I wish more people were
> like you!).
>
> When I right click & select properties on the "services.msc" file, I
> see only two tabs "general" & "summary". On "services.exe" I see four
> tabs "general", "version", "compatibility", & "summary". As you noted,
> there was no "security" tab available.
>
> So, in that system32 window, I selected the menu "tools", "folder
> options", "view", and I turned off (unchecked) these two which had
> "simple" in the description:
> - display simple folder view in Explorer's Folders list
> - use simple file sharing (Recommended)
>
> Thanks to your advice, this action added a "security" tab to the
> right-click properties of both services.exe and services.msc (I never
> knew about this so I'm glad I learned something interesting today!).
>
> Here is what I saw in the "security" tab of a right-clicked properties
> of "services.msc" (given the "Full Computer Name is "SUSAN" and I'm
> logged in as "Administrator" and I know of no other logins on this
> computer other than administrator.
>
> Group or user names:
> - Administrators (SUSAN\Administrators)
> --- Full Control [^]Allow [ ]Deny
> --- Modify [^]Allow [ ]Deny
> --- Read & Execute [^]Allow [ ]Deny
> --- Read [^]Allow [ ]Deny
> --- Write [^]Allow [ ]Deny
> --- Special Permissions [ ]Allow [ ]Deny
> - Power Users (SUSAN\Power Users)
> --- Full Control [ ]Allow [ ]Deny
> --- Modify [ ]Allow [ ]Deny
> --- Read & Execute [^]Allow [ ]Deny
> --- Read [^]Allow [ ]Deny
> --- Write [ ]Allow [ ]Deny
> --- Special Permissions [ ]Allow [ ]Deny
> - SYSTEM
> --- Full Control [^]Allow [ ]Deny
> --- Modify [^]Allow [ ]Deny
> --- Read & Execute [^]Allow [ ]Deny
> --- Read [^]Allow [ ]Deny
> --- Write [^]Allow [ ]Deny
> --- Special Permissions [ ]Allow [ ]Deny
> - Users (SUSAN\]Users)
> --- Full Control [ ]Allow [ ]Deny
> --- Modify [ ]Allow [ ]Deny
> --- Read & Execute [^]Allow [ ]Deny
> --- Read [^]Allow [ ]Deny
> --- Write [ ]Allow [ ]Deny
> --- Special Permissions [ ]Allow [ ]Deny
>
> I'm confused what this is telling me. There is an additional "Advanced"
> button which, for the "Administrators (SUSAN\Administrators)" selection
> shows the four tabs "Permissions", "Auditing", "Owner", & "Effective
> Permissions" which are lengthy but summarized below:
>
> Permissions:
> - Allow Users (SUSAN\Users) Read & Execute <not inherited>
> - Allow Power Users (SUSAN\Power Users) Read & Execute <not inherited>
> - Alow Administrators (SUSAN\Administrators) Full Control <not
> inherited>
> - Alow SYSTEM Full Control <not inherited>
> - [ ]Inherit from parent the auditing entries that apply to child
> objects
> Auditing:
> - [^]Inherit from parent the auditing entries that apply to child
> objects
> Owner:
> - Current owner of this item: Administrators (SUSAN\Administrators)
> Effective Permissions:
> - All the boxes are grey
>
> Leaving everything as noted above (only having unchecked simple file
> permissions), I still see "access denied" when I type "services.msc"
> into the start run menu. Do you have a suggestion as to which
> permission to change above?
>
> Thanks in advance,
> Susan
>