For the first time today I ran into Nessus plugin ID 44676.
It highlighted an “insecurely configured Windows service”. This related to a Service Discretionary Access Control List (DACL), which is a whole bag of new to me.
The guidance shows how you can use the command line to show the DACL for the service it reported the issue with.
The following service has insecure group permissions:
Bacway Windows Service (BacwayService) :
– Authenticated Users: DC
More information is given here: https://support.microsoft.com/en-us/help/914392/best-practices-and-guidance-for-writers-of-service-discretionary-acces