Access is denied on Remove-Service even though the SDDL contains the account SID

Remove-Service fails with Access is denied (PermissionDenied) even though the SID of the account that the PowerShell script runs under was added to the SDDL of the service when it was created:

$sddl = "D:(A;;0xF01FF;;;S-1-1-11-1111111111-222222222-333333333-444444)(...original SDDL...)"
New-Service -SecurityDescriptorSddl $sddl ...

S-1-1-11-1111111111-222222222-333333333-444444 is the SID of the account that the PowerShell Remove-Service runs under.

I expected the account to be allowed to delete the service when the SDDL contains a DACL with SERVICE_ALL_ACCESS (0xF01FF), as SERVICE_ALL_ACCESS includes STANDARD_RIGHTS_REQUIRED, which contains DELETE.

There are 0 answers
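
A diagnostic sketch for the question above, added here and not part of the original post: it parses a service SDDL with .NET's RawSecurityDescriptor and lists, in evaluation order, the ACEs that name a given SID and whether each one includes DELETE. The SID and SDDL below are constructed sample values, and Get-ServiceSddlAce is a hypothetical helper name.

```powershell
# Constructed sample values: replace with the real account SID and the SDDL
# reported for the live service (for example by `sc.exe sdshow <name>`).
$accountSid = 'S-1-5-21-1111111111-222222222-333333333-4444'
$sddl = "D:(A;;0xF01FF;;;$accountSid)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"

# Service-specific and standard access rights (winsvc.h / winnt.h).
$rights = [ordered]@{
    SERVICE_QUERY_CONFIG         = 0x0001
    SERVICE_CHANGE_CONFIG        = 0x0002
    SERVICE_QUERY_STATUS         = 0x0004
    SERVICE_ENUMERATE_DEPENDENTS = 0x0008
    SERVICE_START                = 0x0010
    SERVICE_STOP                 = 0x0020
    SERVICE_PAUSE_CONTINUE       = 0x0040
    SERVICE_INTERROGATE          = 0x0080
    SERVICE_USER_DEFINED_CONTROL = 0x0100
    DELETE                       = 0x00010000
    READ_CONTROL                 = 0x00020000
    WRITE_DAC                    = 0x00040000
    WRITE_OWNER                  = 0x00080000
}

function Get-ServiceSddlAce {
    param([Parameter(Mandatory)][string]$Sddl)
    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new($Sddl)
    $index = 0
    foreach ($ace in $sd.DiscretionaryAcl) {
        # Only plain allow/deny ACEs are decoded; other ACE types are skipped.
        if ($ace -isnot [System.Security.AccessControl.CommonAce]) { continue }
        $names = $rights.Keys | Where-Object { $ace.AccessMask -band $rights[$_] }
        [pscustomobject]@{
            Order  = $index++
            Type   = $ace.AceQualifier          # AccessAllowed or AccessDenied
            Sid    = $ace.SecurityIdentifier.Value
            Mask   = '0x{0:X}' -f $ace.AccessMask
            Delete = [bool]($ace.AccessMask -band $rights.DELETE)
            Rights = $names -join ', '
        }
    }
}

# ACEs are evaluated in order, so show the ones naming the account directly.
# Group memberships of the account are not resolved by this check.
Get-ServiceSddlAce -Sddl $sddl |
    Where-Object Sid -eq $accountSid |
    Format-Table Order, Type, Mask, Delete, Rights -AutoSize
```

This reads only the service object's DACL; the handle to the service control manager is access-checked separately against the SCM's own security descriptor.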