Tuesday, May 23, 2006

Unable to open awservices.exe

Sometimes you give users (server operators, etc.) full permission on a service so that they can manage the server. Those users may still have a problem with the service's executable file when they need to run it at a command prompt.

This problem occurred when server operators ran awservices.exe at a command prompt to interpret the functioning of Unicenter TND Agent Technology.

To resolve this case, you must give full control permission on the service DACL (discretionary access control list). Before doing this, read the DACL of the service with the

"sc sdshow awservices" command. The command generates results like:

(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;PU)(A;;CCDCLCSWLOCRRC;;;LS)

Copy these results and add the server operators group, or whichever group you want to add, with the necessary permissions.

To set the new DACL on the service, use the following command:

sc sdset awservices D:

SC
Communicates with the Service Controller and installed services. SC.exe retrieves and sets control information about services. You can use SC.exe for testing and debugging service programs. Service properties stored in the registry can be set to control how service applications are started at boot time and run as background processes.

A machine that can't be reached on the network.

PROBLEM: Couldn't reach the machine on the network, either by RDP or ping, even in Safe Mode with Networking. But the machine was up and there were no errors in Event Viewer. Not resolved by resetting the TCP/IP and Winsock stacks. No problem with the NIC or server services.

Determining the problem was very hard. I restarted the machine without running some services, such as IPSEC. No problem.. :) The problem was gone.

When I opened IPSEC Monitor in MMC, I got error 0x80070002. The problem occurred after starting IPSEC.

CAUSE: corrupted polstore.dll

RESOLUTION: regsvr32 polstore.dll

Rebuild a new local policy store. To do this, click Start, click Run, type regsvr32 polstore.dll in the Open box, and then click OK.

Related MS article http://support.microsoft.com/?kbid=912023
To reset TCP/IP http://support.microsoft.com/kb/299357
To reset and repair winsock http://support.microsoft.com/kb/811259

Monday, May 08, 2006

When you promote a server to a domain controller, the SYSVOL share permissions default to "Everyone: Read" and "Authenticated Users: Full". A Windows Server 2003 domain controller grants the Authenticated Users group more permissions on the SYSVOL share than necessary. This situation is described in KB812538.

The ACLs (NTFS permissions) of items in the SYSVOL share do not allow Full Control access to members of the Authenticated Users group. However, if these permissions are inadvertently changed, members of the Authenticated Users group might have Full Control permissions in the default installation of Windows Server 2003.

I am managing 46 DCs at different sites. I used RMTShare.exe to decrease the share permissions. The command is:

RMTShare.exe \\DC1\SYSVOL /GRANT "Authenticated Users":R /REMOVE Everyone

You can use this command in a batch file or VBScript.

Microsoft has placed the RMTShare.exe program on their FTP site at ftp://ftp.microsoft.com/bussys/winnt/winnt-public/reskit/nt40/i386/RMTSHAR.EXE.