How to assign permissions to manage windows service when UAC is enabled?

5

1

I have following scenario:

  • I'm local admin on my computer with Windows 7 Enterprise and UAC enabled
  • Computer is not in domain and is not under group policy
  • I run some program without running it as administrator
  • This program sometimes needs to control locally installed windows service (with Manual start options)
  • Without running initial program as administrator or without disabling UAC controlling windows service fails.

How can I grant permissions to my account to control this particular service without running with elevated privileges or disabling UAC?

Ladislav Mrnka

Posted 2011-07-27T11:16:21.097

Reputation: 588

The qeuestion is how are you running it (running it from a batch file using a scheduled task?)? and when (startup shutdown)? – KCotreau – 2011-07-27T12:30:44.060

Answers

4

Services, just like about every Windows object, have an ACL associated with it, which can be modified to give you access.

As far as I know, there is no official UI for managing service ACLs, so you're left with two options:

  1. Download Process Explorer. Start your service (ProcExp only shows running services). In ProcExp, double-click on the process for the Service (or right-click and click Properties). Click the "Services" tab. Typically your program is run by a particular user - Add that user. Hit Advanced. The permissions you can manage include stop/start of this Service and sending custom-defined commands to it.

    Process Hacker is similar, but can manage stopped services as well.

  2. sc sdshow, learn the ACE syntax and access rights, edit the security descriptor, pass it back to sc sdset.

user1686

Posted 2011-07-27T11:16:21.097

Reputation: 283 655

For the above Service approach, setting Custom commands permissions http://i.imgur.com/tql3pUA.png

– Chris Moschini – 2016-03-23T15:00:32.317

Asked: 2011-07-27T11:16:21.097

Viewed: 6 295 times

Active: 2019-10-21T08:46:55.603