liegt an verstärkten Sicherheitseinstellungen beim 2k3 SP1 steht auch in der Beschreibung bei joeware so:
To add to the story, Microsoft made an update to Windows Server 2003 SP1 that made it so you could change the SCM ACL. This was previously not something that could be done. When they did this, they locked down who could do remote enumeration of the Services. Because most everyone opened the SCM with GENERIC_READ, this means most tools (including Microsoft's own tools pre-K3SP1) used to access the SCM broke unless the user was an administrator on the server. Even if the specific services were delegated to the some non-admin user, unless the SCM was opened properly, they wouldn't be able to control those services remotely which resulted in admins giving out admin rights again or giving interactive logon rights to servers and having the non-admins logging directly into the servers to control their one service. I understand why MS went this direction, but unfortunately it didn't seem to be fully thought out as it probably should have been more widely announced so people understood what was going on, this has broken quite a few people.