May be someone have knowledge if there is a possibility to get/set security descriptors for scmanager database using WMI? Currently see only one way using sc.exe sdshow/sdset.
Thank You in advance.
Thanks for sharing, it is more about sDescriptor itself. I need information where to get SCmanager object in WMI or how to get it skipping sc.exe util.
To be more precise:-class win32_service contains all services, should be enough to make necessary changes. And it is possible to adjust Security Descriptor for all services. Just one exception. SC.exe command contains scmanager as a service. And you are able to get it's Descriptor and modify it, so logically thinking it should be stored somewhere in WMI or registry, or filesystem. Just can't find it. Unless it is part of kernel, but then it should be possible to make a call using PS. Just need direction to dig :)Thanks.
There is no SCManager service. SCManager is a set of interfaces that each service implements to allow control of the service.
Agree that this is not a service. Just had no idea how to call it. Thanks for clarifying. Any ideas where to dig?
I don't understand what you are trying to do. Can you be more specific?
If you want to set the ACL for a specific service you get an instance of a Win32_Service object for that service and call the SetSecurityDescriptor method on the object instance.
The previous link I posted shows a PowerShell example of calling this method for File System. The link below is for this method on the Win32_Service object specifically.
The code pattern is the same for both classes.
Sorry, here is more info.
I am trying to allow non admin user to list services using services.mmc from remote location. For this I want to create local Group on server, and for it SID allow enumerate services. And I can achieve this using sc.exe sdset scmanager <DACL>. But I am curious if this is possible to do without SC.exe
Hope this is more understandable.
OK, now I understand. As far as I can tell there is no way to do this with WMI or PowerShell. SC.EXE uses the OpenSCManager function of the Win32 API. All of the PowerShell examples I can find just call SC.EXE to change the ACL.
My googling skill's gave me same result. Just wanted to be sure ihaven't missed something. Thanks. I think question is closed then.