TOC & Recently Viewed

Recently Viewed Topics


This policy item checks for the startup values defined in “System Services”. The check is performed by calling the function RegQueryValueEx on the following keys:

  • key: "SYSTEM\CurrentControlSet\Services\" + service_name
  • item: "Start"

Note: This check requires remote registry access for the remote Windows system to function properly.




description: ["description"]

value_type: [VALUE_TYPE]

value_data: [value]

(optional) check_type: [value]

service_name: ["service name"]


The allowed types are:

  • value_type: SERVICE_SET
  • value_data: "Automatic", "Manual" or "Disabled"
  • svc_option: CAN_BE_NULL or CAN_NOT_BE_NULL

The service_name field corresponds to the REAL name of the service. This name can be obtained by:

  1. launching Services control panel (in Administrative tools)
  2. selecting the desired service
  3. opening properties dialog box (right click -> properties)
  4. extracting the “Service name” part

The service permission setting can be checked with a SERVICE_PERMISSIONS item.




description: "Background Intelligent Transfer Service"

value_type: SERVICE_SET

value_data: "Disabled"

service_name: "BITS"


Copyright © 2019 Tenable, Inc. All rights reserved. Tenable,, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.., Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.