0

On Windows Server 2016 I made an incautious action. Using my account, which belongs to the builtin Administrator group, I set the security descriptor for SCManager:

sc sdset scmanager "D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;CCLCRPRC;;;BA)(A;;CC;;;AC)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)"

After reading the documentation I figured out that the default permission value for builtin administrators is (A;;KA;;;BA). That means those who are in the Administrators group can set the security descriptor.

With (A;;CCLCRPRC;;;BA) I was restricted from setting security descriptors for SCManager. How can I get the rights back?

  • While reading deeper I started to understand that only the Administrators group can change the security descriptor and now no one can do it. Please say that I'm wrong... – Vitaliy Sep 03 '21 at 15:05

1 Answer

0

To solve the issue, delete the registry branch:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder\Security

then reboot the server.
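
The lockout described in the question can be checked offline before running `sc sdset`. The following is an added example (not code from the question or the answer) that decodes the allow ACEs in the DACL and lists which trustees keep WRITE_DAC (`WD`, which `KA` also includes). The function names are made up for this example, and the comparison string is the question's own descriptor with the BA ACE swapped for the (A;;KA;;;BA) value the question cites as the default.

```python
import re

# SDDL two-letter rights -> access-mask bits (values from winnt.h / sddl.h).
RIGHTS = {
    "CC": 0x0001, "DC": 0x0002, "LC": 0x0004, "SW": 0x0008, "RP": 0x0010,
    "WP": 0x0020, "DT": 0x0040, "LO": 0x0080, "CR": 0x0100,
    "SD": 0x10000, "RC": 0x20000, "WD": 0x40000, "WO": 0x80000,
    "KA": 0xF003F,  # KEY_ALL_ACCESS; same value as SC_MANAGER_ALL_ACCESS
}
WRITE_DAC = 0x40000  # the right needed to replace the DACL

# The descriptor applied in the question.
APPLIED = ("D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)"
           "(A;;CCLCRPWPRC;;;SY)(A;;CCLCRPRC;;;BA)(A;;CC;;;AC)"
           "S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)")
# Constructed for comparison: same string with the BA ACE the question cites as default.
WITH_DEFAULT_BA = APPLIED.replace("(A;;CCLCRPRC;;;BA)", "(A;;KA;;;BA)")

def rights_mask(rights):
    """Decode an SDDL rights field (hex or two-letter codes) into a mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for i in range(0, len(rights), 2):
        mask |= RIGHTS[rights[i:i + 2]]  # KeyError on a code this table lacks
    return mask

def allowed(sddl):
    """Map trustee -> combined mask of its allow ACEs in the D: part only."""
    dacl = re.search(r"D:[A-Z]*((?:\([^()]*\))*)", sddl)
    granted = {}
    for ace in re.findall(r"\(([^()]*)\)", dacl.group(1) if dacl else ""):
        ace_type, _flags, rights, _obj, _inh, trustee = ace.split(";")[:6]
        if ace_type == "A":
            granted[trustee] = granted.get(trustee, 0) | rights_mask(rights)
    return granted

def who_can_rewrite_dacl(sddl):
    """Trustees whose allow ACEs include WRITE_DAC."""
    return sorted(t for t, m in allowed(sddl).items() if m & WRITE_DAC)

if __name__ == "__main__":
    for name, sddl in (("applied", APPLIED), ("default BA ACE", WITH_DEFAULT_BA)):
        print(f"{name}: WRITE_DAC held by {who_can_rewrite_dacl(sddl) or 'nobody'}")
```

Only explicit allow ACEs are evaluated here; deny ACEs, ACE flags and the SACL are ignored.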