Checking for Insecure Service Permissions in Windows

How to check for them.

Just a quick post to show a way to check for insecure service permissions  in Windows using the following built in command line tools. This uses a combination of wmic to query for services and then icacls to check the permissions.

I found the below for loops as shown by travisaltman.com to quickly get the results we require.

for /f "tokens=2 delims='='" %a in ('wmic service list full^|find /i "pathname"^|find /i /v "system32"') do @echo %a >> c:\users\adam\permissions.txt
for /f eol^=^"^ delims^=^" %a in (c:\users\adam\permissions.txt) do cmd.exe /c icacls "%a"

The first line using wmi to query the services excluding ‘system32’ and then the the second line takes the output and runs icacls against each line.

Another way to view these is via Sysinternals with the accesschk tool like below:

accesschk.exe -uwcqv *

accesschk.exe -uwcqv “Authenticated Users” *
accesschk.exe -uwcqv “Everyone” *

Facebooktwitterpinterestlinkedinmail