0

I'm trying to call OpenService with SERVICE_START parameter like below.

void ServiceStart(AnsiString ServiceName)
{
    wchar_t lpBuffer[256];
    long errorCode;

    SERVICE_STATUS_PROCESS ssStatus;
    DWORD dwOldCheckPoint;
    DWORD dwStartTickCount;
    DWORD dwWaitTime;
    DWORD dwBytesNeeded;

    SC_HANDLE schService;
    SC_HANDLE schSCManager;


    schSCManager = OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT);
    if (NULL == schSCManager)
    {
        errorCode = GetLastError();
        FormatMessageW(FORMAT_MESSAGE_FROM_SYSTEM, NULL, errorCode,MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), lpBuffer, 256, NULL);
        ShowMessage("OpenSCManager failed "+AnsiString(lpBuffer));
        return;
    }


    schService = OpenService(schSCManager,ServiceName.c_str(),SERVICE_START);  
    if (schService == NULL)
    {
        errorCode = GetLastError();
        FormatMessageW(FORMAT_MESSAGE_FROM_SYSTEM, NULL, errorCode,MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), lpBuffer, 256, NULL);
        ShowMessage("OpenService failed "+AnsiString(lpBuffer)+" "+IntToStr(errorCode));
        CloseServiceHandle(schSCManager);
        return;
    } 
}

OpenService function returnig "Access Denied" message. When run as administrator exe, OpenService function works well.

I also tried with SERVICE_QUERY_STATUS parameter for test.it works fine without administrator

I didn't understand source of problem.

Thanks.

İsmail Kocacan
  • 1,204
  • 13
  • 38
  • I can't obtain HANDLE with OpenService. How can I pass to SetServiceObjectSecurity ? – İsmail Kocacan Aug 13 '16 at 09:30
  • every Service have self SECURITY_DESCRIPTOR SecurityDescriptor. when you call OpenService(dwDesiredAccess) - system check dwDesiredAccess with SecurityDescriptor by using AccessCheckAndAuditAlarm. so in your case SERVICE_QUERY_STATUS is granted for user in SecurityDescriptor, but SERVICE_START is not. so your user simply have no enough rights. – RbMm Aug 13 '16 at 11:38
  • 2
    You should call SetServiceObjectSecurity when you're installing the service, not later on. Or, if this is a third-party service, you'll need to run as administrator in order to change the permissions on it; but you only need to do that once. Make sure you have carefully considered whether it is actually safe to allow non-admin users to start the service in question. – Harry Johnston Aug 13 '16 at 23:23
  • @HarryJohnston thank you for explain.I understand you now. I should call OpenService like that OpenService(hSCManager, ServiceName.c_str(), READ_CONTROL | WRITE_DAC); – İsmail Kocacan Aug 15 '16 at 08:53

0 Answers0