windows 使用 SC.exe 设置服务凭据密码失败
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/14408973/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Using SC.exe to set service credentials password fails
提问by Grayson
I know this question has been asked in the past, but a satisfactory answer has not been provided.
我知道这个问题过去有人问过,但一直没有得到满意的答复。
I am using the SC command to config the credentials for a service.
我正在使用 SC 命令来配置服务的凭据。
SC.exe config "SERVICE NAME" obj= "domain\user" password= "password"
This completes successfully, but when I start the service, it fails
to perform the login.
[NET START "service name"]
这成功完成,但是当我启动服务时,它无法执行登录。
[ NET START "service name"]
If I manually update ONLY the password from the services.msc, then when I start the service it works fine.
如果我仅从services.msc手动更新密码,那么当我启动服务时它工作正常。
I have hundreds of servers to update this change occurs in the middle of a deployment, so manual intervention is NOT an option.
我有数百台服务器来更新此更改发生在部署过程中,因此手动干预不是一种选择。
I have tried using the config to update the login account and then another config command for the password.
我尝试使用配置来更新登录帐户,然后使用另一个配置命令来更新密码。
From all accounts, the SC.exedoes not work for passwords and Microsoft has NO help.
对于所有帐户,SC.exe密码都不起作用,Microsoft 也没有帮助。
IDEAS?
想法?
回答by ericbn
Besides stopping the servicebefore making the changes, and granting the user permission to logon as a service, I also had to add the type= ownparameter, otherwise it would fail with:
除了在进行更改之前停止服务,并授予用户作为服务登录的权限,我还必须添加type= own参数,否则会失败:
[SC] ChangeServiceConfig FAILED 87:
The parameter is incorrect
So this is the command that worked:
所以这是有效的命令:
SC.EXE config "ServiceName" type= own obj= "domain\user" password= "password"
It even worked with special characters in the password, given I had the password between double brackets.
它甚至可以在密码中使用特殊字符,因为我有双括号之间的密码。
回答by Rich K
When you configure a service to run under a specific account via the normal route from the service properties windows automatically grants the account the log in as service right. When you use sc.exe you also have to grant the user the log on as service right.
当您将服务配置为通过服务属性窗口中的正常路由在特定帐户下运行时,会自动授予该帐户作为服务登录的权限。当您使用 sc.exe 时,您还必须授予用户作为服务登录的权限。
回答by Vladimir
Before restarting services, you should grant your user permission to logon as a service. Unfortunately, no way to do it from command line with default windows tools, but you can use small additional util ntright.exe from Windows Server 2003 Resource Kit Tools.
在重新启动服务之前,您应该授予您的用户作为服务登录的权限。不幸的是,无法使用默认的 Windows 工具从命令行执行此操作,但是您可以使用Windows Server 2003 Resource Kit Tools 中的小附加 util ntright.exe 。
Download it from https://www.microsoft.com/en-us/download/details.aspx?id=17657
从https://www.microsoft.com/en-us/download/details.aspx?id=17657下载
After installation you'll get a lot of tools in C:\Program Files (x86)\Windows Resource Kits\Tools(or in Program Files on 32bit machine).
安装后,您将在C:\Program Files (x86)\Windows Resource Kits\Tools(或 32 位机器上的 Program Files)中获得很多工具。
You need ntrights.exe. You can copy it and run from any place on another host.
你需要ntrights.exe。您可以复制它并从另一台主机上的任何位置运行。
To grant your user required permission, you should add to your script:
要授予您的用户所需的权限,您应该添加到您的脚本中:
ntrights.exe +r SeServiceLogonRight -u "%DOMAIN%\%USER%"
After that you can successfully restart services with a new user. Also there is an option to run ntrights.exe on remote host:
之后,您可以使用新用户成功重新启动服务。还有一个选项可以在远程主机上运行 ntrights.exe:
ntrights.exe +r SeServiceLogonRight -u "%DOMAIN%\%USER%" -m %HOSTNAME%
This tool helps me very much when I need reconfigure a lot of hosts remotely.
当我需要远程重新配置大量主机时,此工具非常有用。
回答by Jules Clements
To enable log on as a service via script I've written this, you can use it as is or pull out what is useful to you
要通过我编写的脚本启用作为服务登录,您可以按原样使用它或提取对您有用的内容
https://raw.githubusercontent.com/cdaf/windows/master/automation/provisioning/setServiceLogon.ps1
https://raw.githubusercontent.com/cdaf/windows/master/automation/provisioning/setServiceLogon.ps1
回答by user3452718
Try to stop the service before setting up the password:
设置密码前尝试停止服务:
sc.exe stop "<my_service>" 4:4:3
sc.exe config "<my_service>" obj= "\.<local_acc_name>" password= "<local_acc_pass>"
sc.exe start "<my_service>"
回答by Mark Berry
I had this issue. Thanks to ST's comment on the original post, I realized I needed to research how to type the password. In my case, I needed to double up the percent sign (%%) in the password.
我有这个问题。感谢 ST 对原帖的评论,我意识到我需要研究如何输入密码。就我而言,我需要%%将密码中的百分号 ( )加倍。
The link ST provided is helpful: Escaping special characters in cmd.
ST 提供的链接很有帮助: 在 cmd 中转义特殊字符。
回答by Angel Abad Cerdeira
Run against this problem while doing some Powershell scripting and the issue in my case was the special characters in the password.
在执行一些 Powershell 脚本时遇到这个问题,在我的情况下问题是密码中的特殊字符。
Got it working by storing the password in a variable with double quotes around it:
通过将密码存储在带有双引号的变量中来使其工作:
$servicePassword = "`"passwordWithSpecialCharacters`""
cmd /c sc config myService obj= mydomain\myuser password= $servicePassword
$servicePassword = "`"passwordWithSpecialCharacters`""
cmd /c sc config myService obj= mydomain\myuser password= $servicePassword
Special characters are:
特殊字符有:
()'"$><^?
()'"$><^?
回答by mano
Try This. Start menu - type "local security policy" without the quotes. Open the "Local Policies", then left-click on "User Rights Assignment". On the right panel, right-click on "Log on as a service", and select "Properties". Click on "Add User or Group" and add your user. Click OK. You might have to reboot your machine.
尝试这个。开始菜单 - 键入不带引号的“本地安全策略”。打开“本地策略”,然后左键单击“用户权限分配”。在右侧面板上,右键单击“作为服务登录”,然后选择“属性”。单击“添加用户或组”并添加您的用户。单击确定。您可能需要重新启动机器。
After adding you can set the user name and password for the service in cmd.
添加后可以在cmd中设置服务的用户名和密码。
