|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #70961 Allow service control from less privileged process
Submitted: 2015-11-23 20:26 UTC Modified: 2018-10-08 18:39 UTC
Avg. Score:3.0 ± 0.0
Reproduced:0 of 1 (0.0%)
From: bdagnin at incontrol dot co dot nz Assigned: jbnahan (profile)
Status: Closed Package: win32service (PECL)
PHP Version: 5.5.30 OS: Windows
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: bdagnin at incontrol dot co dot nz
New email:
PHP Version: OS:


 [2015-11-23 20:26 UTC] bdagnin at incontrol dot co dot nz
Currently to start or stop a service, the PHP application must run with administrator level privileges.
This patch allows a less privileged process (eg: running under IIS application pool identity) with a sufficient DACL grant on the service to be able to start or stop it.

It works for me with a minimal explicit 'RPWPRC' grant on the service.

Please be careful when modifying a service ACL - recovery could become tricky.
The 'sc sdset' command overwrites the entire ACL - you must specify the full ACL, not just additions (use 'sc sdshow' to see the current one).

For reference "Best practices and guidance for writers of service discretionary access control lists":
The Sysinternals utility "PsGetsid.exe" can be used to determine the SID of an IIS application pool identity -

The patch is based on the v0.1.0 svn tag:


permit-service-acl.patch (last revision 2015-11-23 20:27 UTC by bdagnin at incontrol dot co dot nz)

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2018-10-08 18:39 UTC]
-Status: Open +Status: Closed -Assigned To: +Assigned To: jbnahan
 [2018-10-08 18:39 UTC]
The 0.3.0 release can run service without admin right.
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Tue Oct 03 05:01:25 2023 UTC