The steps in the example below will allow a Non-Admin user to manage the Remote Registry service using the SC.EXE command.
Before you start, you can confirm that a standard user cannot manage the service from the command line.
To run this pre-test, use the command:
sc config remoteregistry start=auto
1. Create an LPM Combo rule using Path and Command line.
2. For the Path use: C:\Windows\System32\sc.exe
3. For the Command line use the syntax: * ServiceName*
That is an asterisk (*), a space, the ServiceName, and another asterisk (*), for example:
* RemoteRegistry*
Also ensure that both the Strict equality and Ignore argument case options are checked, as in the screenshot below.
Note: You can use services.msc and look at the properties of an individual service to get the ServiceName, or you can use the “sc query” command from CMD to get the ServiceName.
Next, apply the policy to the user(s) or computer(s) that need to receive the policy, and then test from a CMD prompt as a standard non-admin user to see if you can manage the Remote Registry service using the SC.EXE command:
Since the Remote Registry service is disabled by default, we first need to enable the service and choose its startup type.
SC Config RemoteRegistry Start=Auto
Then you can try to START the service.
SC Start RemoteRegistry
And to STOP the service.
SC Stop RemoteRegistry
And lastly to disable the service.
SC Config RemoteRegistry Start=Disabled
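The same four-step test can be run as one PowerShell script that records whether each step was allowed. This is an added example, not part of the original article or the product. It assumes it is run as the standard user in PowerShell and relies on sc.exe exiting with the Win32 error code (5 is access denied).

```powershell
# Added example: run as the standard (non-admin) user once the policy has applied.
# In PowerShell, "sc" is an alias for Set-Content, so call sc.exe by its full path
# (the same path the rule matches on).
$sc      = 'C:\Windows\System32\sc.exe'
$service = 'RemoteRegistry'

# The four operations from the article, in the same order.
$steps = @(
    @{ Name = 'Enable';  Arguments = @('config', $service, 'start=auto') },
    @{ Name = 'Start';   Arguments = @('start',  $service) },
    @{ Name = 'Stop';    Arguments = @('stop',   $service) },
    @{ Name = 'Disable'; Arguments = @('config', $service, 'start=disabled') }
)

$results = foreach ($step in $steps) {
    $stepArgs = $step.Arguments
    & $sc $stepArgs | Out-Null
    $code = $LASTEXITCODE          # sc.exe exits with the Win32 error code

    $verdict = switch ($code) {
        0       { 'OK' }
        5       { 'ACCESS DENIED (rule not applied or not matched)' }
        default { "FAILED (Win32 error $code)" }
    }
    [pscustomobject]@{ Step = $step.Name; ExitCode = $code; Result = $verdict }

    Start-Sleep -Seconds 2         # let the service settle before the next step
}

$results | Format-Table -AutoSize

# Confirm the service ends in the state the article leaves it in (disabled).
& $sc qc $service | Select-String 'START_TYPE'

# Non-zero exit if any step was denied, so the check can be scripted.
if ($results.ExitCode -contains 5) { exit 1 }
```

Run before the policy is applied, every step should report ACCESS DENIED, which serves as the pre-test described at the top of the article.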
The XML for the policy is attached below, which you may use as an example.