How to reset service permissions after messing up with `sc sdset`?
The SYSTEM security context can reset it. You don't mention your Windows version, but in Windows Server 2008 and newer versions it can be a bit difficult to get a SYSTEM command prompt. It's very easy, though, to get the "Task Scheduler" in all versions of Windows to run a command as SYSTEM.
Dump the security descriptor from a known-good machine using the
sc sdshow spooler
command.Create a scheduled task on the broken machine to run the command
%SystemRoot%\system32\sc.exe
with the argumentssdset spoooler <paste good security descriptor here>
.Set the task to run as SYSTEM
Manually run the task
Your service's security descriptor will be restored to normal.
Related videos on Youtube
Yajo
Updated on September 18, 2022Comments
-
Yajo almost 2 years
After applying this "solution" I have no way of starting the spooler service, not even as Admin.
If I open
services.msc
as Administrator, that service has disappeared, as noted here (I wish I found that before).How can I reset permissions for the
spooler
service?-
joeqwerty over 9 years
-
-
Yajo over 9 yearsI found easier to use
PsExec
. The full command wasPsExec.exe /s sc sdset spooler D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
.