sc.exe config"服务名称"obj ="DOMAIN\User"密码="密码"无法正常工作

Question

我想从cmd为服务设置密码.我有选择权

sc.exe config"服务名称"obj ="DOMAIN\User"密码="密码"

当我执行时,它显示"[SC] ChangeServiceConfig SUCCESS" ,如果我启动我得到的服务

"Windows无法在本地计算机上启动service1服务.错误1069:由于登录失败,服务未启动."

我搜索并获得以下链接 使用SC.exe设置服务凭据密码失败

我的密码不包含特殊字符.

有什么选择呢？

Answer 1

首先要检查的是该用户是否有权在该计算机中登录为服务.如果他这样做(并且您可以执行以下步骤来检查),只需转到该服务(开始菜单 - 键入"服务",不带引号).在列表中找到您的服务,然后右键单击它.选择"属性",然后转到"登录"选项卡.重新输入"密码"和"确认密码".单击确定.如果您的用户具有"作为服务登录"的权限,则会显示消息" 帐户YourDomain\YourUser已被授予"作为服务登录 " 权限 ".只是尝试再次启动服务,它将工作.

如果您的用户没有此类权限,您可以使用以下两种方法之一:

1)开始菜单 - 键入"本地安全策略",不带引号.打开"本地策略",然后左键单击"用户权限分配".在右侧面板上,右键单击"作为服务登录",然后选择"属性".单击"添加用户或组"并添加您的用户.单击确定.您可能需要重新启动计算机.

2)下载并安装"Windows Server 2003 Resource Kit Tools"(http://www.microsoft.com/en-us/download/confirmation.aspx?id=17657).打开命令提示符并键入:

ntrights + r SeServiceLogonRight -u MyDomain\MyUser -m \\%COMPUTERNAME%

重新启动计算机并尝试再次启动该服务.

在您的用户被授予"作为服务登录"权限后,您可以通过命令行创建和启动服务.

Answer 2

如果您遇到The account YourDomain\\YourUser has been granted the Log On As a Service right，您应该执行 powershell 脚本链接\n AddLogonasaService，这与您的密码无关。这是用户运行服务的权利/许可。

\n\n

我嵌入代码供您参考。您也可以参考该 URL。

\n\n

\xef\xbb\xbfparam($accountToAdd)\n #written by Ingo Karstein, http://blog.karstein-consulting.com\n #  v1.0, 01/03/2014\n\n ## <--- Configure here\n\n if( [string]::IsNullOrEmpty($accountToAdd) ) {\n    Write-Host "no account specified"\n    exit\n }\n\n ## ---> End of Config\n\n $sidstr = $null\n try {\n    $ntprincipal = new-object System.Security.Principal.NTAccount "$accountToAdd"\n    $sid = $ntprincipal.Translate([System.Security.Principal.SecurityIdentifier])\n    $sidstr = $sid.Value.ToString()\n } catch {\n    $sidstr = $null\n }\n\n Write-Host "Account: $($accountToAdd)" -ForegroundColor DarkCyan\n\n if( [string]::IsNullOrEmpty($sidstr) ) {\n    Write-Host "Account not found!" -ForegroundColor Red\n    exit -1\n }\n\n Write-Host "Account SID: $($sidstr)" -ForegroundColor DarkCyan\n\n $tmp = [System.IO.Path]::GetTempFileName()\n\n Write-Host "Export current Local Security Policy" -ForegroundColor DarkCyan\n secedit.exe /export /cfg "$($tmp)" \n\n $c = Get-Content -Path $tmp \n\n $currentSetting = ""\n\n foreach($s in $c) {\n    if( $s -like "SeServiceLogonRight*") {\n        $x = $s.split("=",[System.StringSplitOptions]::RemoveEmptyEntries)\n        $currentSetting = $x[1].Trim()\n    }\n }\n\n if( $currentSetting -notlike "*$($sidstr)*" ) {\n    Write-Host "Modify Setting ""Logon as a Service""" -ForegroundColor DarkCyan\n\n    if( [string]::IsNullOrEmpty($currentSetting) ) {\n        $currentSetting = "*$($sidstr)"\n    } else {\n        $currentSetting = "*$($sidstr),$($currentSetting)"\n    }\n\n    Write-Host "$currentSetting"\n\n    $outfile = @"\n [Unicode]\n Unicode=yes\n [Version]\n signature="`$CHICAGO`$"\n Revision=1\n [Privilege Rights]\n SeServiceLogonRight = $($currentSetting)\n "@\n\n    $tmp2 = [System.IO.Path]::GetTempFileName()\n\n\n    Write-Host "Import new settings to Local Security Policy" -ForegroundColor DarkCyan\n    $outfile | Set-Content -Path $tmp2 -Encoding Unicode -Force\n\n    #notepad.exe $tmp2\n    Push-Location (Split-Path $tmp2)\n\n    try {\n        secedit.exe /configure /db "secedit.sdb" /cfg "$($tmp2)" /areas USER_RIGHTS \n        #write-host "secedit.exe /configure /db ""secedit.sdb"" /cfg ""$($tmp2)"" /areas USER_RIGHTS "\n    } finally { \n        Pop-Location\n    }\n } else {\n    Write-Host "NO ACTIONS REQUIRED! Account already in ""Logon as a Service""" -ForegroundColor DarkCyan\n }\n\n Write-Host "Done." -ForegroundColor DarkCyan\n

\n\n

为了设置服务的身份，我使用了 vbscript

\n\n

Set colServiceList = objWMIService.ExecQuery _\n("Select * from Win32_Service where Name = \'Servicename\'")\nFor Each objservice in colServiceList   \nerrReturn = objService.Change( , , , , , ,WScript.Arguments.Item(0),   WScript.Arguments.Item(1)) \nobjService.StartService()   \nNext\n

\n\n

其中 WScript.Arguments.Item(0) 是用户名 arg，WScript.Arguments.Item(1) 是密码。

\n