New security policy beginning with Windows 10 version 1709 and Windows Server 2016 version 1709 blocks remote callers who are not local administrators from starting/stopping services. (https://support.microsoft.com/en-us/topic/block-remote-callers-who-are-not-local-administrators-from-starting-stopping-services-c5f77f8e-09e6-57e6-72d1-2c4423627a24)
On Windows Server 2019 registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\SCM key RemoteAccessCheckExemptionList (REG_MULTI_SZ) with value as my service name not working for me!
A non-admin user with granted rights via sc sdset for start / stop target service cannot remotely working as command: sc \\<servername> stop <my service name> or sc \\<servername> start <my service name>
Error 5: Access denied.
Only HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control key RemoteAccessExemption with REG_DWORD (32-bit) value set to 1 can globally disable this new check and restore the older, less-secure behavior!
Why RemoteAccessCheckExemptionList does not working?
Can someone else check and confirm this issue?
