Having trouble using psservice and sc.exe between Windows Server 2008 machines

I’m trying to control services on one W2k8 machine from another; no domain just a workgroup. The user account I’m logged in as is an administrator on both machines.

I’ve tried both psservice and sc.exe. These work in a Windows Server 2003 environment but it looks like I need to an extra step or two due to the changed security model in 2008. Any ideas as to how grant permission to the Service Control Manager (psservice) or OpenService (sc)? I tried running the DOS window with “Run As Administrator” and it made no difference.

With psservice I get the following

D:\mydir>psservice \\REMOTESERVER -u "adminid" -p "adminpassword" start "Display Name of Service"

PsService v2.22 - Service information and configuration utility
Copyright (C) 2001-2008 Mark Russinovich
Sysinternals - www.sysinternals.com

Unable to access Service Control Manager on \\REMOTESERVER:
Access is denied.

In the remote server, I get the following message in the Security Log so I know I connect and login to the remote machine. I assume it then fails on a subsequent authorization step. The logoff message in the security log is just that (“An account was logged off.”), so no extra info there.

Special privileges assigned to new logon.

 Security ID:  REMOTESERVER\adminid
 Account Name:  adminid
 Account Domain:  REMOTESERVER
 Logon ID:  0xxxxxxxx

Privileges:  SeSecurityPrivilege

sc.exe is similar. The command syntax and error differs as below but I also see the same login message in the remote server’s security log.

D:\mydir>sc \\REMOTESERVER start "Registry Name of Service"
[SC] StartService: OpenService FAILED 5:

Access is denied.

Best Answer

Try adding setting [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ Policies\system\LocalAccountTokenFilterPolicy] = 1 and rebooting.

This comes from items 30 and 31 in FAQ: Common PSTools Issues and Description of User Account Control and remote restrictions in Windows Vista and helps turn down some of the UAC restrictions related to Administrative access across the network.

You may Also Like:

Leave a Comment