windows sc.exe 配置“服务名称”obj=“域\用户”密码=“密码”不起作用
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/19052729/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
sc.exe config "Service Name" obj= "DOMAIN\User" password= "password" not working
提问by Paul
I want to set password for a service from the cmd. I got the option
我想从 cmd 为服务设置密码。我得到了选择
sc.exe config "Service Name" obj= "DOMAIN\User" password= "password"
sc.exe config "Service Name" obj="DOMAIN\User" password="password"
When I execute, its showing "[SC] ChangeServiceConfig SUCCESS"and if I start the service I am getting
当我执行时,它显示“[SC] ChangeServiceConfig SUCCESS”,如果我启动我得到的服务
"Windows could not start the service1 service on Local Computer. Error 1069: The service did not start due to a logon failure."
“Windows 无法在本地计算机上启动 service1 服务。错误 1069:由于登录失败,服务未启动。”
I searched and got the below link Using SC.exe to set service credentials password fails
我搜索并得到以下链接 Using SC.exe to set service credentials password failed
My password doesn't consist of special character.
我的密码不包含特殊字符。
What's the option to do that?
有什么办法做到这一点?
采纳答案by Paul
If you face The account YourDomain\YourUser has been granted the Log On As a Service right, you should execute powershell script link AddLogonasaServiceand this is nothing to do with your password. It's a right/permission for an user to run the service.
如果您遇到帐户 YourDomain\YourUser 已被授予作为服务登录权限,则应执行 powershell 脚本链接 AddLogonasaService,这与您的密码无关。这是用户运行服务的权利/权限。
Am embedding the code for your reference. You can refer that URL as well.
正在嵌入代码供您参考。您也可以引用该 URL。
?param($accountToAdd)
#written by Ingo Karstein, http://blog.karstein-consulting.com
# v1.0, 01/03/2014
## <--- Configure here
if( [string]::IsNullOrEmpty($accountToAdd) ) {
Write-Host "no account specified"
exit
}
## ---> End of Config
$sidstr = $null
try {
$ntprincipal = new-object System.Security.Principal.NTAccount "$accountToAdd"
$sid = $ntprincipal.Translate([System.Security.Principal.SecurityIdentifier])
$sidstr = $sid.Value.ToString()
} catch {
$sidstr = $null
}
Write-Host "Account: $($accountToAdd)" -ForegroundColor DarkCyan
if( [string]::IsNullOrEmpty($sidstr) ) {
Write-Host "Account not found!" -ForegroundColor Red
exit -1
}
Write-Host "Account SID: $($sidstr)" -ForegroundColor DarkCyan
$tmp = [System.IO.Path]::GetTempFileName()
Write-Host "Export current Local Security Policy" -ForegroundColor DarkCyan
secedit.exe /export /cfg "$($tmp)"
$c = Get-Content -Path $tmp
$currentSetting = ""
foreach($s in $c) {
if( $s -like "SeServiceLogonRight*") {
$x = $s.split("=",[System.StringSplitOptions]::RemoveEmptyEntries)
$currentSetting = $x[1].Trim()
}
}
if( $currentSetting -notlike "*$($sidstr)*" ) {
Write-Host "Modify Setting ""Logon as a Service""" -ForegroundColor DarkCyan
if( [string]::IsNullOrEmpty($currentSetting) ) {
$currentSetting = "*$($sidstr)"
} else {
$currentSetting = "*$($sidstr),$($currentSetting)"
}
Write-Host "$currentSetting"
$outfile = @"
[Unicode]
Unicode=yes
[Version]
signature="`$CHICAGO`$"
Revision=1
[Privilege Rights]
SeServiceLogonRight = $($currentSetting)
"@
$tmp2 = [System.IO.Path]::GetTempFileName()
Write-Host "Import new settings to Local Security Policy" -ForegroundColor DarkCyan
$outfile | Set-Content -Path $tmp2 -Encoding Unicode -Force
#notepad.exe $tmp2
Push-Location (Split-Path $tmp2)
try {
secedit.exe /configure /db "secedit.sdb" /cfg "$($tmp2)" /areas USER_RIGHTS
#write-host "secedit.exe /configure /db ""secedit.sdb"" /cfg ""$($tmp2)"" /areas USER_RIGHTS "
} finally {
Pop-Location
}
} else {
Write-Host "NO ACTIONS REQUIRED! Account already in ""Logon as a Service""" -ForegroundColor DarkCyan
}
Write-Host "Done." -ForegroundColor DarkCyan
To set the identity for services, I have used a vbscript
为了设置服务的身份,我使用了 vbscript
Set colServiceList = objWMIService.ExecQuery _
("Select * from Win32_Service where Name = 'Servicename'")
For Each objservice in colServiceList
errReturn = objService.Change( , , , , , ,WScript.Arguments.Item(0), WScript.Arguments.Item(1))
objService.StartService()
Next
Where WScript.Arguments.Item(0) is the username arg and WScript.Arguments.Item(1) is password.
其中 WScript.Arguments.Item(0) 是用户名 arg,WScript.Arguments.Item(1) 是密码。
回答by Marcos Arruda
The first thing to check is if that user has permission to Log On As A Service in that machine. If he does (and you can do the following procedure to check this), just go to the service (Start Menu - type "services", without the quotes). Find your service on the list, and right-click on it. Select "Properties", and go to the "Log On" tab. Retype the "Password" and "Confirm password". Click OK. If your user DOES have permission to Log On as a Service, a message "The account YourDomain\YourUser has been granted the Log On As a Service right". Just try to start the service again, and it will work.
首先要检查的是该用户是否有权在该机器上作为服务登录。如果他这样做(并且您可以执行以下过程来检查这一点),只需转到服务(开始菜单 - 键入“服务”,不带引号)。在列表中找到您的服务,然后右键单击它。选择“属性”,然后转到“登录”选项卡。重新输入“密码”和“确认密码”。单击确定。如果您的用户确实有权作为服务登录,则会显示一条消息“帐户 YourDomain\YourUser 已被授予作为服务登录权限”。只需尝试再次启动该服务,它就会起作用。
If your user does not have this kind of permission, you can use one of these two approaches:
如果您的用户没有此类权限,您可以使用以下两种方法之一:
1) Start menu - type "local security policy" without the quotes. Open the "Local Policies", then left-click on "User Rights Assignment". On the right panel, right-click on "Log on as a service", and select "Properties". Click on "Add User or Group" and add your user. Click OK. You might have to reboot your machine.
1) 开始菜单 - 键入不带引号的“本地安全策略”。打开“本地策略”,然后左键单击“用户权限分配”。在右侧面板上,右键单击“作为服务登录”,然后选择“属性”。单击“添加用户或组”并添加您的用户。单击确定。您可能需要重新启动机器。
2) Download and install the "Windows Server 2003 Resource Kit Tools" (http://www.microsoft.com/en-us/download/confirmation.aspx?id=17657). Open a command prompt and type:
2) 下载并安装“Windows Server 2003 Resource Kit Tools”(http://www.microsoft.com/en-us/download/confirmation.aspx?id=17657)。打开命令提示符并键入:
ntrights +r SeServiceLogonRight -u MyDomain\MyUser -m \\%COMPUTERNAME%
ntrights +r SeServiceLogonRight -u MyDomain\MyUser -m \\%COMPUTERNAME%
Reboot your computer and try to start the service again.
重新启动计算机并尝试再次启动该服务。
After your user has been granted the Log On As A Service right, you can create and start services through the command line.
在您的用户被授予作为服务登录权限后,您可以通过命令行创建和启动服务。
回答by Ben
Probably the issue is that it doesn't want quotes around the password. Same goes for the username.
问题可能是它不想在密码周围加上引号。用户名也是如此。
It perhaps cannot tell whether the quotes are part of the password or not.
它可能无法判断引号是否是密码的一部分。
Alternatively it may be because the given account has not been granted the "log on as a service" privilege.
或者,可能是因为给定的帐户没有被授予“作为服务登录”的权限。
Generally you should check the Security event log, which will give the reason for the logon failure.
通常您应该检查安全事件日志,它会给出登录失败的原因。
回答by user3452718
This worked for me:
这对我有用:
sc.exe stop "<my_service>" 4:4:3
sc.exe config "<my_service>" obj= "./<local_acc_name>" password= "<local_acc_pass>"
sc.exe start "<my_service>"
So, in short: stopthe service before configthe password and the startwill work fine.
所以,简而言之: 在配置密码之前停止服务,启动将正常工作。
