Sys-Manage SecurSvc Tool

The SecurSvc tool allows administrators to modify the default permissions of services in order to grant specific accounts control (start, stop, pause, ...).

The SecurSvc tool does allow the administrator to modify the default Windows security descriptor of a service.

It can permit any desired groups or user accounts to control a service (start / stop / pause / resume).

The local administrators group, which is by default controlling all services, can be removed for the service specified as well, so please make sure to specify this group if you wan't that group to keep the service control ability!

Command Line Syntax

SecurSvc <SERVICE-NAME > <ACCOUNT-1> [ACCOUNT-2] [ACCOUNT-N]

Parameter Name	Description
<SERVICE-NAME>	The name of the service to modify. This should be the actual service name, some times referred to as service's short name, and not the so-called service display name. You can find the service name in the registry under "HKLM\System\CurrentControlSet\Services".
<ACCOUNT>	User account or group account. Either local or a domain account in the format “Domain\Account-Name”. You will need to specify at least one user or group account.

SecurSvc Examples

To grant the "Exchange-Admins" and "Administrators" groups permission to control the "MSExchangeSA" service, you could run the command below:
SecurSvc MSExchangeSA Exchange-Admins Administrators

To grant the local "Administrators" group and the domain group MyDomain\SNMP-Admins permissions to control the "SNMP" service, you could run this command:
SecurSvc SNMP Administrator MyDomain\SNMP-Admins

To grant the local "Administrators" group to control the "SNMP" service, you could run this command:
SecurSvc SNMP Administrators

Sys-Manage SecurSvc Tool

Command Line Syntax

SecurSvc Examples

Download