1- A service that is owned by Local System
2- A service type that is set on Manual
3- Privilege to write to the binary path/Image Path of the Service.
4- Privilege to start and stop the Service.
List all properties related to a serivce
get-item serviceName
get-item wuauserv
List properties of all services in the directory
$services = Get-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\*
List all services with LocalSystem privileges
$services = Get-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\*
$services | Where-Object {($_.ObjectName -match 'LocalSystem')}
List all services that can run manually