Introduction

Windows Services allow for the creation of continuously running executable applications. These applications have the ability to be automatically started upon booting, they may be paused and restarted, and they lack a user interface.

In order for a service to function properly, it needs to be associated with a system or user account. There are a few common built-in system accounts that are used to operate services such as LocalService, NetworkService, and LocalSystem. The following table describes the default secure access rights for accounts on a Windows system:

Account	Permissions
Local Authenticated Users (including `LocalService` and `Network Service`)	`READ_CONTROL` `SERVICE_ENUMERATE DEPENDENTS` `SERVICE_INTERROGATE` `SERVICE_QUERY_CONFIG` `SERVICE_QUERY_STATUS` `SERVICE_USER_DEFINED_CONTROL`
Remote Authenticated Users	Same as those for Local Authenitcated Users.
`LocalSystem`	`READ_CONTROL` `SERVICE_ENUMERATE DEPENDENTS` `SERVICE_INTERROGATE` `SERVICE_PAUSE_CONTINUE` `SERVICE_QUERY_CONFIG` `SERVICE_QUERY_STATUS` `SERVICE_START` `SERVICE_STOP` `SERVICE_USER_DEFINED_CONTROL`
Administrators	`DELETE` `READ_CONTROL` `SERVICE_ALL_ACCESS` `WRITE_DAC` `WRITE_OWNER`

Moreover, a registry entry exists for each service in HKLM\SYSTEM\CurrentControlSet\Services.

Enumeration

In general, manual enumeration of Windows services is a rather cumbersome process, so I suggest that you use a tool for automation such as WinPEAS.

winpeas.exe servicesinfo

The permissions a user has on a specific service can be inspected via the AccessChk Windows Utility.

acceschk.exe /accepteula -uwcqv <account> <service>