Top of my head, no, but if you have another 'similar' server, you could essentially try to use sc.exe from a command-line on this server (http://support.microsoft.com/kb/251192) and try to kill and recreate the service.  Might even be able to do it from safemode.  Only other thought I'd have would be to boot to a linux cd / dvd (http://www.pcregedit.com/) and find / manipulate the key from there, since Linux doesn't really CARE about windows permissions, much!  <evil grin>

 

Thanks for the replies.

I have tried sc with no luck, just get an 'access denied' error.

No, I'm talking about the permissions of the service (as in, pull in a new security template, edit the service to be 'disabled' and then change it to a have permissions of 'everyone - deny').

This is on Server 2003 and it is the Windows Time service (w32time). When you look in services, it's not even there. And any other attempts I've made have just resulted in 'access denied.' I did try changing the security value within the registry to match one of the other services but this didn't appear to work either (unless a reboot is needed?).

Okay, thanks. I will give that another shot when I get a chance to see if it actually works then.

I did find that resetting security permissions via this command did the trick on a test box:


I just have to do some further testing/checking to see what all else it changes. The services isn't too big a deal since I can just go back in and re-apply the template I already have.

I suppose it's possible - but I was told that it was locked out via the security analysis/configuration snap-in. I just happened to notice that the security key with the security entry had a value that was different from the other services. I thought maybe by changing that value to match the others it would magically show up

The command I referenced above works, but it pulls back in the 'setup security' (out of the box settings). Which is good that it works, but requires a whole lot of reconfigurations to get things back to how they should be. I'm working on going through that template right now to compare to the current settings (minus the w32time permissions). If I can figure it all out I'll just create a new template, do the reset and then apply my template to bring all the settings back to how they should be.

Luckily, this isn't causing any problems for the moment so I've got some time. It was done originally to sync the time with a phone switch instead of the network due to the application running on it. Apparently group policy was re-enabling w32time after the admins were disabling it and it was causing issues with their app so removing all permissions was the way to fix it I guess.

Beautiful!

That was it. Had the right registry key - HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Security - it just needed to be rebooted after making that change. It worked on my test box anyway, just gotta wait for an opportunity to reboot this server and make sure it works there too (I'm sure it will).

Sweet Thanks guys!