Re: Service / Access Rights
- From: "Skywing" <skywing_NO_SPAM_@xxxxxxxxxxxxxxxxxxx>
- Date: Fri, 21 Oct 2005 13:33:53 -0400
Just to add to this, there is rarely a legitimate need to change the
security descriptor for a service. Custom control codes via
ControlService() are usuaully entirely inadequate for anything that involves
interacting with the service.
The only reason I've ever found to modify a service SD is to give the user
account the service is running under access to restart the service.
"Kellie Fitton" <KELLIEFITTON@xxxxxxxxx> wrote in message
news:1129913339.625031.51070@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Hi,
>
> Well, service process should not display an icon in the system tray,
> any service program that present a GUI's interFace are a significant
> security risk, just create a small GUI application which communicates
> with your service using a named pipe for example, then let that helper
> application manage the tray icon for the service.
>
> Also, if you are going to modify the DACL for the service process
> as Alex recommended, use the API SetNamedSecurityInfo() instead of
> SetServiceObjectSecurity(), this is advised by microSoft.
>
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/setnamedsecurityinfo.asp
>
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/setserviceobjectsecurity.asp
>
> Hope these information helps,
>
> Kellie.
>
.
- Prev by Date: Re: "Manually" load an Exe
- Next by Date: operator new[] fails in DLL when being called from within VB6 process
- Previous by thread: Re: Service / Access Rights
- Next by thread: Re: Service / Access Rights
- Index(es):
