# Script-scoped state that Check-ACL appends to and flips while the audit runs.
$Script:isWriteable = $false
$Script:Out = @()

# Every Win32_Service instance on the local machine; Name, DisplayName and
# PathName are the properties the rest of the script reads.
$Services = Get-WmiObject Win32_Service
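Function Check-ACL ($Service, $ACLs, $Type, $Label) {
    <#
    .SYNOPSIS
    Records a finding when a broad principal is allowed to write to a service's
    binary or to the folder that holds it.

    .PARAMETER Service
    Service object; only its DisplayName is read, for the report line.

    .PARAMETER ACLs
    Security descriptor whose .Access entries are inspected (the caller passes
    the result of Get-ACL).

    .PARAMETER Type
    'Folder' for a directory ACL; any other value is reported as a SERVICE
    (binary) finding.

    .PARAMETER Label
    Path text included in the report line.

    .NOTES
    Appends to $Script:Out and sets $Script:isWriteable; nothing is returned.
    #>
    ForEach ($ACL in $ACLs.Access) {
        # A Deny entry takes access away. Matching only on the rights text would
        # report it as a writable path, so only Allow entries are considered.
        if ($ACL.AccessControlType -ne 'Allow') { continue }

        # Alternative kept from the original: report every identity that is NOT one of the
        # expected owners, instead of a fixed list of broad groups.
        # if (('NT AUTHORITY\SYSTEM','NT AUTHORITY\IUSR','BUILTIN\Administrators','NT SERVICE\TrustedInstaller','CREATOR OWNER','NT AUTHORITY\LOCAL SERVICE','NT AUTHORITY\NETWORK SERVICE') -notcontains $ACL.IdentityReference) {

        # NOTE(review): 'DOMAIN\Domain Users' is a literal placeholder; substitute the real
        # domain name. Other broad principals (for example NT AUTHORITY\Authenticated Users)
        # are not in this list and will not be reported - extend it to suit the environment.
        if (('BUILTIN\Users','Everyone','DOMAIN\Domain Users') -contains $ACL.IdentityReference) {
            # -match compares the rights as text, so "Write" also matches WriteData,
            # WriteAttributes and similar names.
            # NOTE(review): rights that Get-ACL prints as a bare number (generic access
            # masks) are not matched by these names - confirm whether they need handling.
            if ($ACL.FileSystemRights -match [System.Security.AccessControl.FileSystemRights]::FullControl -or `
                $ACL.FileSystemRights -match [System.Security.AccessControl.FileSystemRights]::Write -or `
                $ACL.FileSystemRights -match [System.Security.AccessControl.FileSystemRights]::Modify) {
                if ($Type -eq 'Folder') {
                    $res = "FOLDER: $Label [$($Service.DisplayName)] $($ACL.IdentityReference) $($ACL.FileSystemRights)"
                    # Skip a folder line that is already recorded word for word.
                    if ($Script:Out -notcontains $res) { $Script:Out += $res }
                } else {
                    $Script:Out += "SERVICE: $($Service.DisplayName) $Label $($ACL.IdentityReference) $($ACL.FileSystemRights)"
                }
                $Script:isWriteable = $true
            }
        }
    }
}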
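# Audit every service: resolve the executable named in PathName, then check the
# ACL of that file and of its parent folder.
ForEach ($Service in $Services) {
    if ($Service.Name -eq 'msiserver') { continue } # thanks, Microsoft
    # NOTE(review): this pattern needs a space directly after "svchost", so a PathName
    # written as "svchost.exe -k ..." is not skipped by it - confirm the intent.
    if ($Service.PathName -like 'C:\Windows\system32\svchost *') { continue } # thanks, Microsoft

    # A service with no PathName used to make Split-Path fail and leave $Folder
    # holding the previous service's folder, which was then reported under the
    # wrong service name. Skip such entries instead.
    if (-not $Service.PathName) { continue }

    # Keep the leading quoted string, or everything up to the first space when the
    # path is unquoted; then drop the quotes and the trailing space the regex leaves.
    # NOTE(review): an unquoted PathName that contains spaces is cut at the first
    # space, so the real binary is not the one checked; review those services separately.
    $EXEName = ($Service.PathName -replace '^(".*?"|[^"]*? ).*$', '$1').Replace('"','').Trim()
    if (-not $EXEName) { continue }

    $Folder = Split-Path $EXEName -Parent

    # -ErrorAction Stop is deliberate: an ACL that cannot be read aborts the run
    # rather than letting the script report a clean result it did not verify.
    If ($Folder -and (Test-Path $Folder)) { Check-ACL -Service $Service -ACLs (Get-ACL $Folder -ErrorAction Stop) -Type Folder -Label $Folder }
    if (Test-Path $EXEName) { Check-ACL -Service $Service -ACLs (Get-ACL $EXEName -ErrorAction Stop) -Type File -Label $EXEName }
}

# Emit the findings as one wide string, or $true when nothing writable was found.
if ($Script:isWriteable) {
    $Script:Out | Out-String -Width 250
} else {
    $true
}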