Granting service control manager access permission to user outside of administrator group
14,915
Try the sc.exe
with sdset command. It uses sddl format and I'm not sure if you can implement your needs exactly as you want. See the article Understanding the SDDL permissions in the ACE_String to convert to sddl format.
Related videos on Youtube
Author by
Nati
Updated on September 18, 2022Comments
-
Nati over 1 year
I have a user outside of administrator group. How can I grant service control manager access permission for that (specific) user?
It's like SC_MANAGER_ALL_ACCESS from the following link:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms685981%28v=vs.85%29.aspx
-
Harry Johnston over 11 yearsYou might have to write a program (using the OpenSCManager and SetServiceObjectSecurity functions). Keep in mind that if you do this the user will be able to give himself administrator access if he or she wants to.
-
Pavel Radzivilovsky over 11 yearsUsers of administrator group are able to do that. Which exactly of the settings of the administrator group triggers that?
-
Artyom over 11 yearsHave you seen this: stackoverflow.com/questions/3279392/… may be it can help
-
Harry Johnston over 11 years@PavelRadzivilovsky: the service control manager has an ACL which, by default, explicitly grants full access to the Administrators group.
-
Pavel Radzivilovsky over 11 yearsBwah, I didn't know there can be such a thing.. By the way, blogs.msdn.com/b/distributedservices/archive/2009/03/13/…
-
-
Scott Pack over 11 yearsWelcome to Server Fault! Whilst this may theoretically answer the question, it would be preferable to include the essential parts of the answer here, and provide the link for reference.
-
Harry Johnston over 11 yearsSpecifically, use
sc sdset SCMANAGER
as described here (but with a different SDDL string, of course): support.microsoft.com/kb/907460