63jw7PTiR8_XKJRA

I’ve managed to resolve the permissions issue, so the services now show status OK.

In the security descriptor SDDL for the service, I had only granted:

CC — SERVICE_QUERY_CONFIG (request service settings)
LC — SERVICE_QUERY_STATUS (service status polling)
RC — READ_CONTROL
RP — SERVICE_START

I also needed to grant:
LO — SERVICE_INTERROGATE

I also granted enumeration of dependent services although it was not necessary for this instance:
SW — SERVICE_ENUMERATE_DEPENDENTS

The complete DACL entry I appended was as follows (SID truncated):
(A;;CCLCSWRPLORC;;;S-1-5-21-…)

Sam