Just a small question around the Server Operator group permissions.
The section content suggests checking Server Operators permissions for the AppReadiness service (which runs as LocalSystem). I checked some other System services like BITS and figured out that the configuration differs. So, I ran the one-liner below and checked the results:
Get-Service | foreach { .\PsService.exe security $_.Name} > .\srv.txt
What I found is that some of the LocalSystem services have this Server Operator permissions assignment (camsvc, COMSysApp, etc.), and some don’t. Just out of curiosity, why is there such a difference, and what is the logic behind it? Looks weird.
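
The comparison described in the post can be produced as a table instead of a raw text dump. This is an added example, not part of the original post: it reads each service's security descriptor with `sc.exe sdshow` (rather than PsService) and reports what the Server Operators SID is allowed to do. The function name `Get-SidServiceRights` is hypothetical, and deny ACEs are ignored for simplicity.

```powershell
# Added example (not from the original post). Function name is hypothetical.
$soSid  = 'S-1-5-32-549'           # well-known SID of BUILTIN\Server Operators
$rights = [ordered]@{              # service access-right bits (winsvc.h / winnt.h)
    SERVICE_CHANGE_CONFIG = 0x00002
    SERVICE_START         = 0x00010
    SERVICE_STOP          = 0x00020
    WRITE_DAC             = 0x40000
    WRITE_OWNER           = 0x80000
}

function Get-SidServiceRights {
    param([string]$Sddl, [string]$Sid)
    $sd   = [System.Security.AccessControl.RawSecurityDescriptor]::new($Sddl)
    $mask = 0
    foreach ($ace in $sd.DiscretionaryAcl) {
        # Only allow ACEs are summed; deny ACEs are ignored in this simplified check.
        if ($ace -is [System.Security.AccessControl.CommonAce] -and
            $ace.AceQualifier -eq 'AccessAllowed' -and
            $ace.SecurityIdentifier.Value -eq $Sid) {
            $mask = $mask -bor $ace.AccessMask
        }
    }
    $names = $rights.Keys | Where-Object { $mask -band $rights[$_] }
    [pscustomobject]@{ Mask = '0x{0:X}' -f $mask; Rights = $names -join ',' }
}

# Constructed SDDL (not taken from a real host) to show the output shape:
# SYSTEM gets read/start/stop, Server Operators (SO) get full control.
$sample = 'D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)'
Get-SidServiceRights -Sddl $sample -Sid $soSid

# Live audit: every service where Server Operators hold one of the rights above,
# listed together with the account the service runs as.
Get-CimInstance Win32_Service | ForEach-Object {
    $sddl = ((sc.exe sdshow $_.Name) -join '').Trim()
    if ($LASTEXITCODE -ne 0) { return }    # e.g. access denied on a protected service
    $r = Get-SidServiceRights -Sddl $sddl -Sid $soSid
    if ($r.Rights) {
        [pscustomobject]@{
            Service = $_.Name
            Account = $_.StartName
            Mask    = $r.Mask
            Rights  = $r.Rights
        }
    }
} | Sort-Object Account, Service | Format-Table -AutoSize
```

Services that run as LocalSystem and show `SERVICE_CHANGE_CONFIG`, `WRITE_DAC` or `WRITE_OWNER` in the `Rights` column are the ones worth reviewing first when tightening service ACLs.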