In Windows (10 specifically) why can a user stop or start a service via services.msc but if attempting to do this via cmd require an elevated shell?

windows services elevation

As the title suggests. I had a user who has rights to open services.msc and can start/stop/edit the services with no issue via the GUI.

User cannot script the starting of a service (e.g. "net start SERVICENAME") however because it requires an elevated admin cmd to run these commands. I was just wondering how to explain this behavior?

I don't know if this is unique to Windows 10 but I am not able to try other releases.


Solution 1:

Most likely, Services.msc is actually running elevated/as an administrator. By default on Windows 7 and later, users who are local administrators only see elevation prompts for programs outside a Windows-controlled allowed list; programs on the allowed list, which I believe does include Services.msc, will be auto-elevated without any prompt.

You can check this by creating a local user who isn't an administrator and seeing if you can launch Services as that user without entering an administrator's username and password.

Related

Where to download missing libc.so.6
Converting a Word document to LaTeX format
How can I stop Ubuntu 20.04 from restricting my cpu space?
PowerShell 7 "Where-Object" and its aliases return nothing
How to clear (remove) macos extended attributes recursively from a directory?
how to stop 'Upgrade to windows 11' process in windows 10?
Is there a way to use a Visual Studio 2019 install after reinstalling Windows?
Beep sound in remote desktop
Excel: How to bind/group several data points to one so that if the arrangement is changed, the data points remain fixed to the one?
How to update Office 2016 to Office 2019?
for loop wget directory creation error
Is it possible to use a laptop charger in other laptop with different specifications? [duplicate]