I am trying to change the startup type (from auto to disabled) of a Windows service (happens to be the ZoneAlarm vsmon service) on Windows 7. The program sets permissions on the service such that only the SYSTEM account can make changes.

When I am running as administrator-equivalent for example, the following sc.exe command

sc config vsmon start= disabled

gives a permissions error. To work around this I launched a command prompt as the SYSTEM user using the psexec utility.

psexec -i -s -d cmd.exe

then I confirmed I was indeed running as SYSTEM:

whoami

which outputted:

nt authority\system

but I got the same permissions error.

Next I ran regedit from that same SYSTEM command prompt and verified that it was indeed running as SYSTEM:

Navigated to the service's key at HKLM\System\CurrentControlSet\Services\vsmon and tried to change the startup type value manually but again got a permissions error:

Finally as a test I added Everyone with Full Control but got the same error.

What gives?