IServiceObjectSecurity Interface

Inherited from



Applies to Objects


The IServiceObjectSecurity interface is useful for security management on Windows services.

You can use the methods of IServiceObjectSecurity to grant permissions to users or groups to manage services, view the status of services running on a Windows computer, and so on. You can also revoke permissions for some users to view service status so that only authorized users can do such operations.

By default, Windows grants permissions to view service details to "Everyone". This implies that if users can log on either locally or remotely to a computer running Windows, they can view the status of the services running on that computer. This operation can be verified using third party tools or a script. The Server Manager does not allow this operation.

For more advanced operations like checking the effective permissions a user has, getting the ACL (Access Control List), the GetObjectSecurity method returns a pointer to the IObjectSecurity Interface.




Initializes the object with the service on which operations are to be performed.


Gets the IObjectSecurity Interface pointer for the current Service object. This is useful to perform advanced operations like checking effective permissions, deleting an ACE and so on


Gets the access permissions that a user or group has on the current Service object.


Gives a user or group permissions on the current Service object.


To use the functionality provided by IServiceObjectSecurity, the service on which operations are to be performed should be first attached. This can be done using the AttachService functions.

Dim ServiceSecurity As IServiceObjectSecurity
Set ServiceSecurity = CreateObject("DirectScript.ObjectSecurity")
'Attach to the eventlog service on the computer "Moon".
ServiceSecurity.AttachService "eventlog", "Moon"


See Also