作为“普通”UAC提升用户(即别名成员BUILTIN\Administrators,但不是 .\Administrator),我如何列出所有使用的服务Get-Service并避开下面描述的问题?我如何进一步诊断问题?
在编写更复杂的脚本的过程中,我尝试枚举系统上的所有服务。只需Get-Service在(提升的)PowerShell 提示符下发出以下命令,即可获得以下内容(摘录):
Status Name DisplayName
------ ---- -----------
[...]
Running DcomLaunch DCOM Server Process Launcher
Get-Service: Service 'dcsvc (dcsvc)' cannot be queried due to the following error:
Get-Service: The system cannot find the file specified.
它不会继续执行dcsvc(又名“声明配置 (DC) 服务”)。我正在问题底部重现导出的注册表项。
我立即的反应是用来-ErrorAction消除错误并让它继续......唉:
~$ Get-Service -ErrorAction SilentlyContinue|Where-Object { $_.Name -Like "Wallet*" }
Get-Service: The system cannot find the file specified.
事实上,即使在服务管理单元中我也看到了:
Get-Service -Name dcsvc给出了同样的错误。
这里的问题不在于权限,而在于它Get-Service无法完成其工作,并且在第一次看到错误时只是简单地枚举失败,而不是继续并在最后给我一个累积的错误状态。
进一步观察:
- 尽管提示已提升,但该错误似乎可能与权限问题有关。使用
psexec并运行services.msc(或 PowerShell)NT AUTHORITY\SYSTEM显示我可以成功枚举全部服务。 - 该问题在脚本和交互式提示中都会发生。
- 我无法从 PowerShell 中检索到的对象中看到安全描述符 (SD),但能够通过 检索 SD
(Get-Acl -Path HKLM:\SYSTEM\CurrentControlSet\Services\dcsvc).sddl,这给了我(为了便于阅读添加了换行符):
我非常肯定O:SY G:SY D:AI (A;CIID;KR;;;BU) (A;CIID;KA;;;BA) (A;CIID;KA;;;SY) (A;CIIOID;KA;;;CO) (A;CIID;KR;;;AC) (A;CIID;KR;;;S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)(A;CIID;KA;;;BA)ACE 应该会从提升的提示符中授予我所有必要的访问权限,但仍然有些问题。但我不能 100% 确定Services子项的 SD 是否与服务的 SD 一致。 Parameters子键( 、TriggerInfo、TriggerInfo\0、 )上的 SDTriggerInfo\1都与顶级键上的完全相同。- 例如,当使用表单时
Get-Service "Wallet*",我可以列出匹配的服务,但仍然无法枚举所有服务。 - 启动到安全模式时问题仍然存在。
- 在不相关的 Windows 10 Pro (19044) 和 Windows 11 Pro N (22000) 安装上,SD 完全相同(根据 SDDL 输出)。直到上一个 ACE 中的受托人。
- 问题仍然存在
sfc /scannow && dism /online /cleanup-image /restorehealth(即使sfc“Windows 资源保护未发现任何完整性违规。”)
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dcsvc]
"DelayedAutoStart"=dword:00000001
"DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00
"Description"="@%systemroot%\\system32\\dcsvc.dll,-101"
"DisplayName"="@%systemroot%\\system32\\dcsvc,-100"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,04,00,00,00,14,00,00,\
00,01,00,00,00,10,27,00,00,01,00,00,00,10,27,00,00,01,00,00,00,10,27,00,00,\
00,00,00,00,00,00,00,00
; ImagePath = "%systemroot%\system32\svchost.exe -k netsvcs -p"
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,20,00,2d,00,70,00,00,\
00
"ObjectName"="LocalSystem"
"ServiceSidType"=dword:00000001
"Start"=dword:00000003
"Type"=dword:00000010
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dcsvc\Parameters]
"IdleTimeout(sec)"=dword:00000078
; ServiceDll = "%SystemRoot%\system32\dcsvc.dll"
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
64,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceMain"="ServiceMain"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dcsvc\TriggerInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dcsvc\TriggerInfo\0]
"Action"=dword:00000001
"Data0"=hex:35,00,39,00,62,00,65,00,62,00,39,00,37,00,37,00,2d,00,64,00,30,00,\
33,00,37,00,2d,00,34,00,38,00,66,00,34,00,2d,00,61,00,66,00,37,00,34,00,2d,\
00,63,00,61,00,30,00,37,00,35,00,34,00,39,00,33,00,61,00,35,00,32,00,33,00,\
00,00
"DataType0"=dword:00000002
"GUID"=hex:67,d1,90,bc,70,94,39,41,a9,ba,be,0b,bb,f5,b7,4d
"Type"=dword:00000006
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dcsvc\TriggerInfo\1]
"Action"=dword:00000001
"Data0"=hex:30,00,61,00,30,00,64,00,62,00,36,00,31,00,34,00,2d,00,65,00,39,00,\
66,00,62,00,2d,00,34,00,38,00,63,00,66,00,2d,00,39,00,31,00,34,00,33,00,2d,\
00,37,00,61,00,65,00,37,00,31,00,38,00,66,00,66,00,32,00,63,00,38,00,33,00,\
00,00
"DataType0"=dword:00000002
"GUID"=hex:67,d1,90,bc,70,94,39,41,a9,ba,be,0b,bb,f5,b7,4d
"Type"=dword:00000006
注意:我添加了每个值上方的纯文本值REG_EXPAND_SZ作为注释。
另一件需要注意的事情是 的值DisplayName,它不引用有效的 DLL,因此也不引用资源。但是,我在不相关的(而且其他方面都很干净的)Windows 10 Pro (19044) 安装和同样原始的 Windows 11 Pro N (22000) 安装中检查了这些值 — 情况相同。
注册表中提到的文件的状态:
C:\>dir /b %systemroot%\\system32\\dcsvc.dll
dcsvc.dll
C:\>dir /b %systemroot%\\system32\\dcsvc
File Not Found
C:\>dir /b %SystemRoot%\system32\dcsvc.dll
dcsvc.dll
C:\>dir /b %systemroot%\system32\svchost.exe
svchost.exe
答案1
我注意到,如果我在计算机上双击“服务” dcscv,我会得到完全相同的错误!但是,Get-Service以管理员身份运行的 PowerShell 终止得很好,我可以
dcsvc在列表中找到。
问题:该文件%systemroot%\system32\dcsvc.dll在您的计算机上存在吗?
我建议运行chkdsk来验证文件系统。
您可以对照我的注册表内容来验证您的注册表内容
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dcsvc。我的注册表内容如下:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dcsvc]
"DelayedAutoStart"=dword:00000001
"DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00
"Description"="@%systemroot%\\system32\\dcsvc.dll,-101"
"DisplayName"="@%systemroot%\\system32\\dcsvc,-100"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,04,00,00,00,14,00,00,\
00,01,00,00,00,10,27,00,00,01,00,00,00,10,27,00,00,01,00,00,00,10,27,00,00,\
00,00,00,00,00,00,00,00
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,20,00,2d,00,70,00,00,\
00
"ObjectName"="LocalSystem"
"ServiceSidType"=dword:00000001
"Start"=dword:00000003
"Type"=dword:00000010
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dcsvc\Parameters]
"IdleTimeout(sec)"=dword:00000078
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
64,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceMain"="ServiceMain"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dcsvc\TriggerInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dcsvc\TriggerInfo\0]
"Action"=dword:00000001
"Data0"=hex:35,00,39,00,62,00,65,00,62,00,39,00,37,00,37,00,2d,00,64,00,30,00,\
33,00,37,00,2d,00,34,00,38,00,66,00,34,00,2d,00,61,00,66,00,37,00,34,00,2d,\
00,63,00,61,00,30,00,37,00,35,00,34,00,39,00,33,00,61,00,35,00,32,00,33,00,\
00,00
"DataType0"=dword:00000002
"GUID"=hex:67,d1,90,bc,70,94,39,41,a9,ba,be,0b,bb,f5,b7,4d
"Type"=dword:00000006
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dcsvc\TriggerInfo\1]
"Action"=dword:00000001
"Data0"=hex:30,00,61,00,30,00,64,00,62,00,36,00,31,00,34,00,2d,00,65,00,39,00,\
66,00,62,00,2d,00,34,00,38,00,63,00,66,00,2d,00,39,00,31,00,34,00,33,00,2d,\
00,37,00,61,00,65,00,37,00,31,00,38,00,66,00,66,00,32,00,63,00,38,00,33,00,\
00,00
"DataType0"=dword:00000002
"GUID"=hex:67,d1,90,bc,70,94,39,41,a9,ba,be,0b,bb,f5,b7,4d
"Type"=dword:00000006
如果一切都失败了,我建议做一个 通过就地升级修复 Windows 10 安装。这与对 Windows 进行重大升级相同,因此请采取相同的预防措施。它将保留您的应用程序、数据和几乎所有设置。但它可能会返回您的计算机上似乎丢失的文件。