# Restrict change config to administrators only
sc sdset VulnService "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)"

Rule ID: e6db77e5-3df2-4cf1-b95a-636979351e5b (Block process creations originating from PSExec and WMI commands often used with NSSM).

NSSM 224 is not inherently vulnerable, but common deployment patterns create local privilege escalation paths. Sysadmins must check service and registry permissions when using any service wrapper.