how do you start/stop windows 7 service remotely?


I have two Windows 7 computers on our home wireless network; both have file sharing enabled and password disabled.

Now, is there a way to start a service on computer A from computer B?

I tried right-clicking on "Computer", then "Manage", then right-clicking and choosing "Connect to a different computer". It connects but doesn't let me see the services; it says "error 5 access denied".

I also tried from the cmd, sc \\remote comp name "start service", and got the same error.

Please help.

You could remote into that computer using RDP and start and stop services that way. That would be the easiest way. The other way would involve mapping a drive and using the local admin user of the remote PC logged in. It gets a little hairy with home PCs, stupid local authentication. You can try other remote services like LogMeIn, but you would have to pay.

Off the top, to remove the access denied on manage remote computer for services - I do believe you have to enable the admin shares, which since Vista have been disabled out of the box unless joined to a domain. Need to enable in registry:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System

New DWORD LocalAccountTokenFilterPolicy = 1

Reboot and you should be good - as long as you auth to the computer with an admin account.

I do remote management of my home machines' services.

  On 17/11/2010 at 14:59, BudMan said:

Off the top, to remove the access denied on manage remote computer for services - I do believe you have to enable the admin shares, which since Vista have been disabled out of the box unless joined to a domain. Need to enable in registry:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System

New DWORD LocalAccountTokenFilterPolicy = 1

Reboot and you should be good - as long as you auth to the computer with an admin account.

I do remote management of my home machines' services.

I did this on the computer I am trying to start the service on, and no dice :(

And are you authing with an admin account on that PC? It's easiest if you're logged in with an account on your PC that matches up with the account and password of the admin account on the remote machine.

I will test here in a few minutes on my home machines -- but from what I remember this was all that had to be done. Maybe I did something else and don't recall doing it - will double check here in a bit.

  On 17/11/2010 at 15:25, BudMan said:

It's easiest if you're logged in with an account on your PC that matches up with the account and password of the admin account on the remote machine.

Seconding this - that's exactly what I do - works just fine.

Can't remember the reg key change I had to do, but I trust BudMan's key mention - that was probably it.

(Can't be a blank password, of course, but you know that anyway...)

Ok just verified -- yup have remote service access just fine on a w7-test box from my machine.

As you can see

[Screenshot: post-14624-12900123060491.jpg]

Now I am logged in on my machine with an account that matches both username and password on the remote machine that is admin account.

I think what you're seeing is this.. Even if you auth to the remote machine with an account, see below - I authed with a bud account to both admin$ and IPC$, MMC is not running as that account.. So if I try and access computer management remotely logged in with a different account (which it sends) I get access denied -- see left side of image.

But if I run mmc as an account that matches up with the remote machine (bud) it works just fine.

[Screenshot: post-14624-12900129269599.jpg]

So if you're not going to be logged in on your machine with an account that matches up (username and password) -- then you need to run the MMC as an account that does. So let's say your remote machine has an account called billy Pass123, create an account on your machine billy Pass123, then run your MMC as that - and add the computer management snap-in -- this is what I did on the right side of the above image.

edit: BTW if you want to just use sc -- as long as you auth with an admin account you're fine

example -- before I auth, get access denied. Then I auth with account that has permissions and I can use SC just fine

[Screenshot: post-14624-12900139256924.jpg]

Edited by BudMan

Wow, thank you very much for the help. Earlier today I was able to do it through remote desktop, but it was too much to do. I guess I'll just create an account that matches user and pass like you suggested. I tried with the sc command but same deal. Now it might sound dumb, but I'm assuming that I authorized the account with permission and everything but still wasn't able to do it with the "sc" command.

So let's say I'd rather use the command prompt instead, I don't need to have the same account name and password, right? But how do I authorize my account to access the other PC?

Thanks again for taking the time to help me.

You don't authorize your account.. You just need to know an account on that machine that is an admin..

Unless you're in a domain you're always authing as accounts on that machine.. Your machine's accounts are meaningless to another machine on the network..

I gave you a screen shot of authing to the machine with one of its accounts -- not sure how better to explain it to you..

The BUD account is on the W7-TEST machine..

You have 2 machines.. Machine A and B

If you're on machine B and you want to send sc commands to machine A -- then you need to auth to machineA with an account on machine A that has admin rights.

Like in the example I gave where I sent the bud info.

From machineB

net use \\machineA\ipc$ /user:machineA\machineAaccount machineAaccountpassword

Does not matter what accounts you have on machine B if doing such a thing. Only if you want to trick the machine into thinking you're using one of its accounts does the match up thing work. I.e. logged into machineB billy account that has same password as billy account on machineA

If machineA has a billy account with password123

And machineB has a billy account with password123 -- machineA will think you're using its billy account.. It could really give a **** about your machineB account.. The SIDs do not match. Never will! Since you're not part of a domain. But when authing to a machine in a workgroup -- SIDs do not come into play..

If they did, you being logged in with billy on machineB wouldn't work -- since machineB billy account would not have the same SID as billy account on machineA

edit: What I do on my home network where none of the machines are in a domain. Is create an account on all the machines I want to admin that matches up with the account I normally login with on my main PC..

So my main desktop quad-w7 I have a budman Password1

On my wife's laptop kim-pc, I created an admin account on her machine budman Password1

On my kids' laptops they all have a budman Password1 account in their administrators group.

All my virtual machines have budman Password1 account in their admin groups

Same goes for my 2k8 server (standalone mode) It has an account in admin group budman with Password1

Now I can access admin shares, remote manage any machine on the network if I am logged in as budman Password1 on my quad-w7 box. Or if using different account on quad-w7 I can send the budman Password1 to any machine and then access its admin$, C$ etc..

Think of it as a domain admin account, without a domain ;) It's just a common account on every machine on my network that has admin rights on that machine which I can use to auth with.. You do not authorize an account on machineA to do anything on machineB -- you need to know a machineB account to do anything on machineB in a workgroup.

Edited by BudMan
  On 18/11/2010 at 13:31, BudMan said:

You don't authorize your account.. You just need to know an account on that machine that is an admin..

Unless you're in a domain you're always authing as accounts on that machine.. Your machine's accounts are meaningless to another machine on the network..

I gave you a screen shot of authing to the machine with one of its accounts -- not sure how better to explain it to you..

The BUD account is on the W7-TEST machine..

You have 2 machines.. Machine A and B

If you're on machine B and you want to send sc commands to machine A -- then you need to auth to machineA with an account on machine A that has admin rights.

Like in the example I gave where I sent the bud info.

From machineB

net use \\machineA\ipc$ /user:machineA\machineAaccount machineAaccountpassword

Does not matter what accounts you have on machine B if doing such a thing. Only if you want to trick the machine into thinking you're using one of its accounts does the match up thing work. I.e. logged into machineB billy account that has same password as billy account on machineA

If machineA has a billy account with password123

And machineB has a billy account with password123 -- machineA will think you're using its billy account.. It could really give a **** about your machineB account.. The SIDs do not match. Never will! Since you're not part of a domain. But when authing to a machine in a workgroup -- SIDs do not come into play..

If they did, you being logged in with billy on machineB wouldn't work -- since machineB billy account would not have the same SID as billy account on machineA

edit: What I do on my home network where none of the machines are in a domain. Is create an account on all the machines I want to admin that matches up with the account I normally login with on my main PC..

So my main desktop quad-w7 I have a budman Password1

On my wife's laptop kim-pc, I created an admin account on her machine budman Password1

On my kids' laptops they all have a budman Password1 account in their administrators group.

All my virtual machines have budman Password1 account in their admin groups

Same goes for my 2k8 server (standalone mode) It has an account in admin group budman with Password1

Now I can access admin shares, remote manage any machine on the network if I am logged in as budman Password1 on my quad-w7 box. Or if using different account on quad-w7 I can send the budman Password1 to any machine and then access its admin$, C$ etc..

Think of it as a domain admin account, without a domain ;) It's just a common account on every machine on my network that has admin rights on that machine which I can use to auth with.. You do not authorize an account on machineA to do anything on machineB -- you need to know a machineB account to do anything on machineB in a workgroup.

Thanks for the explanation. I was trying to see if there was a way to be able to send sc commands to the other machine without the need of a matching account and pass, but it's fine, I can live with that; at least I am now able to switch services remotely.

Thanks again, bud.

Yes dude you can send the command without having a matching account on your machine.. Exactly what I showed myself doing. And what I just went over again.. What are you not understanding??

[Screenshot: post-14624-12900139256924.jpg]

See where I get access denied.. Then I auth by making a connection to IPC$ with the bud test123 account..

Now the SC command works!

Sorry to be such a pain dude LOL. I read it again a bit more carefully and finally got it. First time I was trying to take care of a bunch of things at the same time, including keeping my 1 year old son away from my computer LOL

Thanks again man, you've been so helpful
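
The steps BudMan describes across this thread (the registry value on the remote PC, authenticating to IPC$ with one of the remote machine's own admin accounts, then sc), put together as an added PowerShell example that is not part of any post. machineA, budman and Spooler are placeholder names and the function name is hypothetical.

```powershell
# Added example. machineA, budman and Spooler are placeholder names.
# One-time step on the REMOTE PC, elevated prompt (the registry value from the thread).
# It hands every local admin account on that PC a full admin token over the network:
#   reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f

function Invoke-RemoteServiceAction {   # hypothetical helper name
    param(
        [string]$Computer = 'machineA',  # remote workgroup PC
        [string]$User     = 'budman',    # admin account that exists on the remote PC
        [string]$Service  = 'Spooler',   # service key name, not the display name
        [ValidateSet('start', 'stop')]
        [string]$Action   = 'start'
    )
    $ipc = "\\$Computer\IPC`$"
    # '*' makes net.exe prompt for the password, so it never lands in command history.
    net.exe use $ipc "/user:$Computer\$User" '*'
    if ($LASTEXITCODE -ne 0) { throw "net use to $ipc failed (exit code $LASTEXITCODE)." }
    try {
        # Call sc.exe explicitly: in Windows PowerShell, plain 'sc' is an alias for Set-Content.
        sc.exe "\\$Computer" $Action $Service | Out-Null
        switch ($LASTEXITCODE) {
            0       { }
            5       { throw "Error 5 (access denied): check that $User is an admin on $Computer and the registry value is set." }
            1056    { Write-Host "$Service is already running." }
            1062    { Write-Host "$Service is not running." }
            default { throw "sc.exe $Action failed with exit code $LASTEXITCODE." }
        }
        # Poll until the service leaves START_PENDING / STOP_PENDING (about 20 seconds at most).
        # Parsing assumes the English 'STATE : 4 RUNNING' line that sc.exe prints.
        $want = if ($Action -eq 'start') { 'RUNNING' } else { 'STOPPED' }
        $state = 'UNKNOWN'
        for ($i = 0; $i -lt 10; $i++) {
            $hit = sc.exe "\\$Computer" query $Service | Select-String 'STATE\s+:\s+\d+\s+(\w+)'
            if ($hit) { $state = $hit.Matches[0].Groups[1].Value }
            if ($state -eq $want) { return $state }
            Start-Sleep -Seconds 2
        }
        throw "$Service did not reach $want (last state: $state)."
    }
    finally {
        # Drop the authenticated session so the admin logon does not linger on this PC.
        net.exe use $ipc /delete /y | Out-Null
    }
}

# Usage: Invoke-RemoteServiceAction -Computer machineA -User budman -Service Spooler -Action stop
```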
