I know this question has been asked in the past, but a satisfactory answer has not been provided.
I am using the SC command to config the credentials for a service.
SC.exe config "SERVICE NAME" obj= "domain\user" password= "password"
This completes successfully, but when I start the service, it fails
to perform the login.
[NET START "service name"]
If I manually update ONLY the password from the services.msc, then when I start the service it works fine.
I have hundreds of servers to update this change occurs in the middle of a deployment, so manual intervention is NOT an option.
I have tried using the config to update the login account and then another config command for the password.
From all accounts, the SC.exe does not work for passwords and Microsoft has NO help.
IDEAS?
Besides stopping the service before making the changes, and granting the user permission to logon as a service, I also had to add the type= own parameter, otherwise it would fail with:
[SC] ChangeServiceConfig FAILED 87:
The parameter is incorrect
So this is the command that worked:
SC.EXE config "ServiceName" type= own obj= "domain\user" password= "password"
It even worked with special characters in the password, given I had the password between double brackets.
When you configure a service to run under a specific account via the normal route from the service properties windows automatically grants the account the log in as service right. When you use sc.exe you also have to grant the user the log on as service right.
I had this issue. Thanks to ST's comment on the original post, I realized I needed to research how to type the password. In my case, I needed to double up the percent sign (%%) in the password.
The link ST provided is helpful: Escaping special characters in cmd.
Before restarting services, you should grant your user permission to logon as a service. Unfortunately, no way to do it from command line with default windows tools, but you can use small additional util ntright.exe from Windows Server 2003 Resource Kit Tools.
Download it from https://www.microsoft.com/en-us/download/details.aspx?id=17657
After installation you'll get a lot of tools in C:\Program Files (x86)\Windows Resource Kits\Tools (or in Program Files on 32bit machine).
You need ntrights.exe. You can copy it and run from any place on another host.
To grant your user required permission, you should add to your script:
ntrights.exe +r SeServiceLogonRight -u "%DOMAIN%\%USER%"
After that you can successfully restart services with a new user. Also there is an option to run ntrights.exe on remote host:
ntrights.exe +r SeServiceLogonRight -u "%DOMAIN%\%USER%" -m %HOSTNAME%
This tool helps me very much when I need reconfigure a lot of hosts remotely.
Try to stop the service before setting up the password:
sc.exe stop "<my_service>" 4:4:3
sc.exe config "<my_service>" obj= "\.<local_acc_name>" password= "<local_acc_pass>"
sc.exe start "<my_service>"
Run against this problem while doing some Powershell scripting and the issue in my case was the special characters in the password.
Got it working by storing the password in a variable with double quotes around it:
$servicePassword = "`"passwordWithSpecialCharacters`""
cmd /c sc config myService obj= mydomain\myuser password= $servicePassword
Special characters are:
()'"$><^?
Try This. Start menu - type "local security policy" without the quotes. Open the "Local Policies", then left-click on "User Rights Assignment". On the right panel, right-click on "Log on as a service", and select "Properties". Click on "Add User or Group" and add your user. Click OK. You might have to reboot your machine.
After adding you can set the user name and password for the service in cmd.
来源:https://stackoverflow.com/questions/14408973/using-sc-exe-to-set-service-credentials-password-fails