How to: Find out your genuine Windows 10 product key from the computer easily with different methods

1 Using ProductKey

A free software for reviewing Windows product keys.

ProductKey
ProductKey

Download ProduKey (In Zip file)

Download ProduKey for x64

2 Using Registry Editor

1 Use Win + R key combination to launch “Run” Window

Microsoft Windows - Run window
Microsoft Windows – Run window

2 Type regedit, then hit Enter key, Registry Editor Window will appear

Windows 10 Registry Editor
Windows 10 Registry Editor

3 Navigate to following path

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform
Registry Editor - SoftwareProtectionPlatform
Registry Editor – SoftwareProtectionPlatform

You will be able to find your Windows product key besides “BackupProductKeyDefault” key

3 Using PowerShell/Command Prompt

1 Launch command prompt/PowerShell with Admin privilege.

1.1 By using Win + X key, launch the Command Prompt (Admin) or PowerShell (Admin)

2 Execute following command

wmic path softwarelicensingservice get OA3xOriginalProductKey
wmic path softwarelicensingservice get OA3xOriginalProductKey
wmic path softwarelicensingservice get OA3xOriginalProductKey

4 Using PowerShell/Command Prompt with Registry command



1 Launch command prompt/PowerShell with Admin privilege.

1.1 By using Win + X key, launch the Command Prompt (Admin) or PowerShell (Admin)

2 Execute following command

REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v BackupProductKeyDefault
Get value for "BackupProductKeyDefault" from command prompt or PowerShell
Get value for “BackupProductKeyDefault” from command prompt or PowerShell

How to: Add specific/custom folders to Windows index (So that contents will come up in search results in Start Menu)

1 Bring up the “Indexing Options”

1.1 Method 1

1.1.1 Click on Start button to bring up Windows Start menu

Start button
Start button

1.1.2 Type index

Type index
Type index

We will find “Index Options”

1.2 Method 2

1.2.1 Use Win + R key combination to bring up Run window

Microsoft Windows - Run window
Microsoft Windows – Run window

1.2.2 Type control then hit Enter key, Control Panel will appear

Windows 10 Control Panel
Windows 10 Control Panel

1.2.3 Click on “Large icons”

Large icons
Large icons

1.2.4 Click on “Index Options”

Index Options
Index Options

1.3 Method 3

1.3.1 Use Win + R key combination to bring up Run window

Microsoft Windows - Run window
Microsoft Windows – Run window

1.3.2 Type one of following commands then hit Enter key

control.exe srchadmin.dll
 
control /name Microsoft.IndexingOptions
 
rundll32.exe shell32.dll,Control_RunDLL srchadmin.dll

2 Add the desired folder to Windows Index

2.1 Click on “Modify” button

Windows 10 Index Options
Windows 10 Index Options

2.2 Check the desired folders, so that they will be indexed. You can select folders from other drives as well, e.g. D, E, F drive

Windows 10 Indexed Locations
Windows 10 Indexed Locations

(If we can’t find what we want to add to index, we can click on “Show all locations” to show more locations)

2.3 Click on “OK” button to save the changes.

(Next time when the system is updating the index, those folders/contents will be indexed as well)

3 Rebuild Index

If you want to rebuild index instantly, here is how

3.1 After we have clicked on “OK” button, we are back to “Index Options” window again

Windows 10 Indexing Options
Windows 10 Indexing Options

3.2 Click on “Advanced” button

3.3 Click on the “Rebuild” button, now the system will start to rebuild the index (Note: It will take awhile, if you have heaps of files, it will take even longer)

Windows 10 Index Options - Advanced Options
Windows 10 Index Options – Advanced Options

When it’s finished, our files/folders will come up in the search results


Open source/Free tools to find vulnerability in Active Directory (AD) – Grouper2

Grouper2 vs Grouper

Grouper

1 The computer must be joined to the domain with GPMC and RSAT installed

2 User must use Get-GPOReport with PowerShell to generate XML report

3 The report is required by Grouper

4 Users must manually filter out useful data

Grouper2

Grouper2 does not rely on Get-GPOReport, it still needs to parse different types of files format.

1 More accurate file permission detection, no read/write of storage required

2 Won’t ignore GPP password

3 Provide HTML format output

4 Multi-thread support

5 Supports offline mode

Official description

What is it for?

Grouper2 is a tool for pentesters to help find security-related misconfigurations in Active Directory Group Policy.

It might also be useful for other people doing other stuff, but it is explicitly NOT meant to be an audit tool. If you want to check your policy configs against some particular standard, you probably want Microsoft’s Security and Compliance Toolkit, not Grouper or Grouper2.

What does it do?

It dumps all the most interesting parts of group policy and then roots around in them for exploitable stuff.

How is it different from Grouper?

Where Grouper required you to:

  • have GPMC/RSAT/whatever installed on a domain-joined computer
  • generate an xml report with the Get-GPOReport PowerShell cmdlet
  • feed the report to Grouper
  • a bunch of gibberish falls out and hopefully there’s some good stuff in there.

Grouper2 does like Mr Ed suggests and goes straight to the source, i.e. SYSVOL.

This means you don’t have the horrible dependency on Get-GPOReport (hooray!) but it also means that it has to do a bunch of parsing of different file formats and so on (booo!).

Other cool new features:

  • better file permission checks that don’t involve writing to disk.
  • doesn’t miss those GPP passwords that Grouper 1 did.
  • HTML output option so you can preserve those sexy console colours and take them with you.
  • aim Grouper2 at an offline copy of SYSVOL if you want.
  • it’s multithreaded!
  • a bunch of other great stuff but it’s late and I’m tired.

Also, it’s written in C# instead of PowerShell.

How do I use it?

Literally just run the EXE on a domain joined machine in the context of a domain user, and magic JSON candy will fall out.

If the JSON burns your eyes, add -g to make it real pretty.

If you love the prettiness so much you wanna take it with you, do -f "$FILEPATH.html" to puke the candy into an HTML file.

If there’s too much candy and you want to limit output to only the tastiest morsels, set the ‘interest level’ with -i $INT, the bigger the number the tastier the candy, e.g. -i 10 will only give you stuff that will probably result in creds or shells.

If you don’t want to dig around in old policy and want to limit yourself to only current stuff, do -c.

If you want the candy to fall out faster, you can set the number of threads with -t $INT – the default is 10.

If you want to see the other options, do -h.

I don’t get it.

OK have a look at this:

A picture of some Grouper2 output

In the screenshot above we can see an “Assigned Application” policy that is still being pushed to computers, but the MSI file to install is missing, and the directory it’s being installed from is writable by the current user.

If you created a hacked up MSI (e.g. with msfvenom) and then modified it to match the UIDs at the bottom of the picture, it would get executed on machines targeted by the GPO. Sweet!

A picture of some Grouper2 output

In this one you can see that someone’s done something absolutely insane to the ACLS on the registry.

You get the picture.

Resource

Official Github page


How to: Find Largest file on Windows, Windows 7, Windows 10, Microsoft Windows, Windows Server (Disk Space Usage)

For finding largest file/folder or showing disk space usage on Linux, refer to this one: (Linux Command Line/ Terminal Disk Space Usage tool (Find largest folder/file))

Sometimes, we want to find largest files or folders from our computer, especially when we are running out of space on hard drive. Because spending time to find different small useless files and then delete them can be very time consuming and after all it’s possible that we have only deleted couple MB of files which won’t help much. Remove one or two huge files or folders may help a lot.

Here is a list of software which can be used just for this purpose and for free, even better, some are open source.

WinDirStat

WinDirStat
WinDirStat
  • Easy to use
  • Free, Open Source
  • Can be installed
  • Portable version available (via portableapps)

SpaceSniffer

SpaceSniffer
SpaceSniffer
  • Easy to use
  • Free
  • Portable version available

WizTree

WizTree
WizTree
  • Easy to use
  • Free
  • Can be installed
  • Portable version available

Summary

Out of three, WinDirStat is the only open source one, Space Sniffer and WinTree are both freeware only.

WinDirStat does not provide official portable version, but portable version can be downloaded from portableapps. Both SpaceSniffer and WizTree provide official portable version.

All of them are very easy to use, the user interface of WinDirStat and WizTree are very similar, you click on the tile or block to reveal the file name, while SpaceSniffer displays the file and folder name directly on the tile/block.

Bottom line, choose whichever you like to use or give all of them a try and decide which one to go with, or even keep all of them in your bag, backup plan will not hurt πŸ˜‰

Download/Resource

  1. WinDirStat
  2. SpaceSniffer
  3. WinTree

How to: Quickly remove printer jobs from Windows, Quickly reset printer jobs

Method 1

1 Save following text to ResetPrinterJob.cmd or ResetPrinterJob.bat

Simple version

rem https://dannyda.com
net stop spooler
del /q /s c:\windows\system32\spool\printers*.*
net start spooler

Verbose version

@echo off
echo dannyda.com
echo(
NET SESSION >nul 2>&1
IF %ERRORLEVEL% EQU 0 (
    ECHO Administrator PRIVILEGES Detected! 
) ELSE (
    ECHO This script has to be run with Administrator PRIVILEGES!
    ECHO(
    ECHO The script will now terminate.
    @pause
    exit
)
echo(
net stop spooler
del /q /s c:\windows\system32\spool\printers.
net start spoolerA
if %ERRORLEVEL% == 0 goto :successful
echo "Errors encountered during execution.  Exited with status: %errorlevel%"
goto :failed
:successful
echo The printer is ready for use again!
@pause
exit
:failed
echo "Script completed with error"
@pause

2 Run ResetPrinterJob.cmd or ResetPrinterJob.bat in Admin mode.

3 Now the printer is ready to be used again.

Method 2

1 Open “Task Manager” by using Ctrl + Alt + Delete key combination or right click on task bar then click on “Task Manager”

2 Click on “Services” tab

3 Find “Spooler”

4 Right click on it then click on “Stop”

5 Open file explorer navigate to “C:\Windows\system32\spool\PRINTERS”

6 Delete all files within the folder (Do not delete the “C:\Windows\system32\spool\PRINTERS” folder)

7 Bring back the Task Manager, start the Spooler service

8 Now the printer is ready to be used again.


Windows PowerShell: “… .ps1 cannot be loaded because running script is disabled on this system, for more information see about_Execution_Policies at….”

The Error

When executing some PowerShell scripts, this error comes up.

… .ps1 cannot be loaded because running script is disabled on this system, for more information see about_Execution_Policies at https://go,microsoft.com/fwlink/?LinkID=135170

The Fix

1 Enter following command then hit Enter key in PowerShell

Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted

2 Enter Y or A to continue when prompted.

3 Now we can run the script again, this time there should be no error returned.


Useful Windows network commands

1 ping

Usually, it can be used for testing the connectivity and the network latency in millisecond (ms)

bytes: Packet size in bytes

time: Response time in ms, smaller = quicker

TTL: Time To Live

By default, Linux have TTL value of 64 or 255, WindowsNT/2000/XP have TTL value of 128, Windows 98 has TTL of 32, Unix have TTL of 255.

Windows TTL: 100 ~ 130ms

Unix/Linux TTL: 240 ~ 255ms

ping <host name>
ping <domain name>
ping <IP address>
ping google.com
ping google.com

1.1 ping 127.0.0.1: Check if the Network interface controller (NIC), TCP/IP protocol, subnet mask works.

1.2 ping the current host’s IP address: Check if local configuration/installation are correct. (If not, we can check network equipment and cables.)

1.3 ping IP within the current subnet: Check if the NIC works in local area network (LAN), if there is no reply, it means that the subnet mask may be incorrect, network cable issue, configuration issue etc.

1.4 ping default gateway: Check if the gateway works.

1.5 ping remote IP address: Check if the default gateway works, if the device can get on to internet.

1.6 ping localhost: localhost is an operating system (OS) reserved host name. It resolves to 127.0.0.1. Usually, devices should be able to resolve this to such address, otherwise there can be something wrong with the host file (/Window/host for Windows) (/etc/host for Linux)

1.7 ping www.google.com: It will be resolved to IP address first via querying DNS server, if not resolved, it can be the DNS server is not configured correctly or DNS server is not working. Sometimes it can be the domain is blocked by firewall in local area network. (ping can be blocked completely by firewall as well.) Or simply, the domain does not exist.

ping IP -t: ping the IP address continuously until Ctrl + C is pressed.

ping IP -l 1000: ping with specified length (1000 bytes) (default is 32 byte)

ping IP -f -l 1492: ping with specified length without fragmenting the packet.

ping IP -n 10: execute the ping command 10 times.

ping IP -a: Resolve the hostname and NetBIOS name via the pingable IP address.

for /L %D in (1,1,254) do ping 10.0.0.%D: ping from 10.0.0.1 to 10.0.0.254

for /L %D in (1,1,254) do ping 10.0.0.%D

Note: Ping command can be blocked by firewall deployed in the LAN, while it is a useful and helpful command for troubleshooting the network issues most of the time, but do not rely on it entirely and draw conclusion completely from ping command. Better to use it as a reference.

2 ipconfig

Used for checking TCP/IP configuration. Release, Renew DHCP leasse. Flush DNS cache etc.

2.1 ipconfig: Show IP address, Subnet Mask, Default Gateway of the interface

2.2 ipconfig /all: Show all details including DNS, WINS and extra information, MAC address, DHCP server IP address, DHCP lease obtained time, expire time etc.

2.3 ipconfig /release: Release all IP addresses obtained from DHCP server

2.4 ipconfig /renew: Renew the IP address from DHCP server, usually it will be the same IP address before “ipconfig /release”

2.5 ipconfig /flushdns: Flush DNS cache in Windows

2.6 ipconfig /displaydns: Print DNS cache from local machine on screen. (We can use ipconfig /displaydns > C:\dns-cache.txt to save output to text file for easier diagnostic)

3 tracert (traceroute)

Windows: tracert

Linux: traceroute

Used for checking routing condition/path and latency etc.

tracert <host name>
tracert <domain name>
tracert <IP address>
tracert google.com
tracert google.com

Output with 5 columns

Column 1: The number of the hop

Column 2: Round Trip Time 1 (RTT 1)

Column 3: RTT 2

Column 4: RTT 3

Column 5: IP address, name of the router

If any packet loss happen, “*” will be used instead of time in “ms”

4 arp (Address Resolution Protocol)

Used to check the corresponding Media Access Control Address (MAC address) of the IP address.

Can be used to output ARP cached information from current device or other devices. Manually set the MAC/IP pair.

arp -a
arp -a <IP>
arp -s <IP>
arp -d <IP>

4.1 arp -a: Show all data in ARP cache

4.2 arp -a IP: Only show all ARP cache from one of the NIC associated with the specified IP address

4.3 arp -s IP MAC: Manually add the IP MAC pair as static ARP cache to the system (Persistent across reboots)

4.4 arp -d IP: Manually delete a static ARP cache

5 route

Used for checking and configuring routing information.

route print
route add
route change

5.1 route print: Show current routing table

5.2 route add:

e.g. To configure a routing table for reaching 192.168.1.11, through 5 networks, via one of the route on local network which is 192.168.2.22, where the subnet is 255.255.255.224, then the following command will be used

route add 192.168.1.11 mask 255.255.255.224 192.168.2.22 metric 5

5.3 route change:

Can be used to change the path for the routing table but not the routing destination.

e.g. Change the above example from metric 5 to metric 2

route change 192.168.1.11 mask 255.255.255.224 metric 2

5.4 route delete: Delete routing table.

route delete 192.168.1.11

6 nslookup

Used to find out domain name/IP address of an host. Usually require DNS server.

6.1 nslookup: Show current configured DNS server on the host

nslookup

6.2 nslookup google.com: Use the default DNS server to check DNS records

nslookup goolge.com

6.3 nslookup google.com 8.8.8.8: Use the google DNS server (8.8.8.8) to resolve domain (google.com)

nslookup google.com 8.8.8.8
nslookup google.com 8.8.8.8
nslookup google.com 8.8.8.8

6.4 nslookup <IP address> <DNS server>: Reverse lookup

nslookup 8.8.8.8 8.8.8.8
nslookup 8.8.8.8 8.8.8.8
nslookup 8.8.8.8 8.8.8.8

7 netstat

Get current network information from current host.

Show active TCP connections, Ports the host listening on, Ethernet information, IP routing table, IPv4 information (IP, ICMP, TCP, UDP protocol), IPv6 information (IPv6, ICMPv6, TCP, UDP over IPv6).

7.1 netstat

Show active TCP connections

netstat

7.2 netstat -a: Show all connections, including “ESTABLISHED”, “LISTENING” states. (With host name/domain)

7.3 netstat -n: List the detail in IP address rather than host name/domain name.

7.4 netstat -e: Show statistical data about Network interface. (Total Bytes transferred, Errors, Discards, Unicast packets, Unknown protocols, Non-unicast packets)

7.5 netstat -r: Similar to route print, the output is similar to rout print command as well. Output routing table information.

Network DestinationDestination network
0.0.0.0Unknown network (Added automatically when using default gateway)
127.0.0.0Local host network address
224.0.0.0Multicast address
255.255.255.255Broadcast address
NetmaskNetmask address
GatewayGateway address
InterfaceInterface address
MetricHops

8 nbtstat

Used to troubleshoot NetBIOS.

8.1 nbtstat -n: Show information about your workgroup.

8.2 nbtstat -a <IP Aaddress>: Show NetBIOS information about that device

9 net

Used for service related, network related.

9.1 net help: Get more help

9.2 net hep <command> e.g. net help accounts: To get help on that specific net command (accounts in this case)

CommandExampleDescription
NET ACCOUNTSNET ACCOUNTSShow current accounts information
NET CONFIGNET CONFIG SERVER (or WORKSTATION)Show network configuration
NET GROUPNET GROUPShow groups (Only available on Domain Controller)
NET SENDNET SEND server1 “test message”Send broadcast message to other computers
NET SHARENET SHAREShow shared files/folders from local host
NET STARTNET START FaxStart service
NET STOPNET STOP FaxStop service
NET STATISTICSNET STATISTICS WORKSTATION (or SERVER)Show network statistics
NET USENET USE x:\serverFolderMap network drive with letter
NET USERNET USERShow accounts/users on local host
NET VIEWNET VIEWShow available computers on network

How to: Create/Add/Delete/Remove/List Users/Groups with Command Prompt/Command line in Windows (net command)

Keywords: Windows command prompt, command line, cmd, Add Users, Create Users, Delete Users, Remove Users, List Users, Add local groups, Create local groups, Delete local groups, List local groups, net command

Launch the Command Prompt (In Admin mode)

We should launch the Command Prompt in Administrator mode.

  • Use Win + X key combination -> “Windows PowerShell (Admin)”

or

  • Open start menu -> Type “cmd” -> Right click on “Command Prompt” -> Run as administrator

Add a New User

net user username password /add

net user user1 1234 /add
net user username password /add
net user username password /add

Add a user to a group

net localgroup administrator username /add

e.g. add user to local administrator group

net localgroup administrators user1 /add
net localgroup administrators user1 /add
net localgroup administrators user1 /add

Add a New Local Group

net localgroup newGroupName /add

net localgroup newgroup /add
net localgroup newgroup /add
net localgroup newgroup /add

List All Users

net user

net user
net user
net user

List information about a specific User

net user userName

net user win10
net user win10
net user win10

List All Users with Sid

WMIC useraccount get name

WMIC useraccount get name,sid

WMIC useraccount get name
WMIC useraccount get name,sid
WMIC useraccount get name,sid
WMIC useraccount get name,sid

List All Local Groups

net localgroup

net localgroup
net localgroup
net localgroup

Remove a User from a Local Group

net localgroup groupName userName /delete

net localgroup administrators user1 /delete
net localgroup administrators user1 /delete
net localgroup administrators user1 /delete

Remove a Local Group

net localgroup groupname /delete

net localgroup mygroup /detele
net localgroup mygroup /detele
net localgroup mygroup /detele

Remove a User

net user username /delete

net user user1 /delete
net user user1 /delete
net user user1 /delete

Windows Operating System Penetration – Disable security measures via commands

We must have obtained admin privilege first, then execute following commands under administrator privilege.

  • Disable built-in firewall
netsh advfirewall set allprofiles state off
Disable Windows firewall
Disable Windows firewall

  • Disable Windows Defender (Via sc stop or net stop command, or via registry)

  • Disable DEP
bcdedit.exe /set {current} nx AlwaysOff 

  • Disable Bitlocker
manage-bde -off C:

(Use following command to check Bitlocker status)

manage-bde -status C:
manage-bde
manage-bde

Show/Set service’s security descriptor on Windows, Windows Server. Security Descriptor Definition Language (SDDL)

Show service’s security descriptor

sc sdshow serviceName

e.g. Show Windows Defender’s security descriptor

sc sdshow WinDefend
sc sdshow WinDefend
sc sdshow WinDefend

The security descriptor, as displayed by sc sdshow, is formatted according the Security Descriptor Definition Language (SDDL).

Set service’s security descriptor

sc [<ServerName>] sdset <ServiceName> <ServiceSecurityDescriptor> 
sc sdset <ServiceName> <ServiceSecurityDescriptor>

sdset Parameters

ParameterDescription
<ServerName>Specifies the name of the remote server on which the service is located. The name must use the Universal Naming Convention (UNC) format (for example, \\myserver). To run SC.exe locally, omit this parameter.
<ServiceName>Specifies the service name returned by the getkeyname operation.
<ServiceSecurityDescriptor>Specifies the service descriptor in SDDL.
/?Displays help at the command prompt.

Security Descriptor Definition Language (SDDL)

The security descriptor, as displayed by sc sdshow, is formatted according the Security Descriptor Definition Language (SDDL).

The descriptor will usually be divided into two parts:

  1. Prefix of S: β€“ System Access Control List (SACL),controls auditing (not covered in this post)
  2. Prefix of D: β€“ Discretionary ACL (DACL),controls permissions

Each section, inside the parenthesis, represent a specific entry (security/auditing).
Inside the parenthesis, the user account and the correct permissions are specified.

(A;;CCLCSWLOCRRC;;;AU)

The first letter represents Allow (A) the opposite of Deny which would be represented by a (D).
Each pair of letters represents a specific permission:
CC – SERVICE_QUERY_CONFIG – ask the SCM for the service’s current configuration
LC – SERVICE_QUERY_STATUS – ask the SCM for the service’s current status
SW – SERVICE_ENUMERATE_DEPENDENTS – list dependent services
LO – SERVICE_INTERROGATE – ask the service its current status
CR – SERVICE_USER_DEFINED_CONTROL – send a service control defined by the service’s authors
RC – READ_CONTROL – read the security descriptor on this service.

Additional permissions:
RP – SERVICE_START – start the service
WP – SERVICE_STOP – stop the service
DT – SERVICE_PAUSE_CONTINUE – pause / continue the service

The last two letters define the security principal assigned with these permissions (a SID or well known
aliases:
AU – Authenticated Users

Possible aliases:

β€œAO” Account operators
β€œRU” Alias to allow previous Windows 2000
β€œAN” Anonymous logon
β€œAU” Authenticated users
β€œBA” Built-in administrators
β€œBG” Built-in guests
β€œBO” Backup operators
β€œBU” Built-in users
β€œCA” Certificate server administrators
β€œCG” Creator group
β€œCO” Creator owner
β€œDA” Domain administrators
β€œDC” Domain computers
β€œDD” Domain controllers
β€œDG” Domain guests
β€œDU” Domain users
β€œEA” Enterprise administrators
β€œED” Enterprise domain controllers
β€œWD” Everyone
β€œPA” Group Policy administrators
β€œIU” Interactively logged-on user
β€œLA” Local administrator
β€œLG” Local guest
β€œLS” Local service account
β€œSY” Local system
β€œNU” Network logon user
β€œNO” Network configuration operators
β€œNS” Network service account
β€œPO” Printer operators
β€œPS” Personal self
β€œPU” Power users
β€œRS” RAS servers group
β€œRD” Terminal server users
β€œRE” Replicator
β€œRC” Restricted code
β€œSA” Schema administrators
β€œSO” Server operators
β€œSU” Service logon user

Lets look at another example:
(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)

A – Allow
CC – SERVICE_QUERY_CONFIG – ask the SCM for the service’s current configuration
DC – Delete All Child Objects
LC – SERVICE_QUERY_STATUS – ask the SCM for the service’s current status
SW – SERVICE_ENUMERATE_DEPENDENTS – list dependent services
RP – Read all properites
WP – SERVICE_STOP – stop the service
DT – SERVICE_PAUSE_CONTINUE – pause / continue the service
LO – SERVICE_INTERROGATE – ask the service its current status
CR – SERVICE_USER_DEFINED_CONTROL – send a service control defined by the service’s authors
SD – Delete
RC – READ_CONTROL – read the security descriptor on this service.
WD – Modify permissions
WO – Modify owner
BA- Built-in administrators

Resources