Re: windows services question



> You simply need the "SeDebugPrivilege" in your token which only administrators
> have by default

This is wrong....

Only LocalSystem and Admins have this privilege in their tokens, in the
first place. It is disabled for Admins by default, but enabled for
LocalSystem, because the system must be able to open any process for
any access....

> system account is also an administrator BTW

This is wrong as well....

> The trick is to enable it first

Exactly, but Task Manager does not do it - this is why you cannot
terminate a process that runs under the LocalSystem account, via it...

However, if some third-party app does it, there is nothing that OP can
do about it


Anton Bassov

Larry Smith wrote:
> > Well, they would be unable to kill a service process from the Task
> > Manager, because services run under the LocalSystem account, so that
> > other users cannot open a handle with "terminate" access to it. Task
> > Manager does not seem to do anything in order to assign itself the
> > token of a system account even if it runs under the account with
> > Admin rights, so that users would be unable to terminate a process
> > via it.
>
> You can terminate a service as an administrator or anyone else for that
> matter. You simply need the "SeDebugPrivilege" in your token which only
> administrators have by default (system account is also an administrator
> BTW). The trick is to enable it first since most privileges are disabled by
> default even for administrators. This is the reason why administrators can't
> terminate a service from the task manager normally. The privilege exists in
> their token but they simply have to enable it first (which is very simple to
> do in code).
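
An added example, not part of the thread: a read-only check that reports whether SeDebugPrivilege is absent from the current process token, present but disabled, or enabled, which is the distinction the posts above argue over. The names `priv_state`, `classify_priv` and `query_priv` are invented here; the Win32 half builds only on Windows (link with advapi32).

```c
#include <stdio.h>
#include <stdlib.h>
#ifdef _WIN32
#include <windows.h>
#else  /* winnt.h value, repeated so the classifier builds off Windows */
#define SE_PRIVILEGE_ENABLED 0x00000002UL
#endif

enum priv_state { PRIV_ABSENT, PRIV_DISABLED, PRIV_ENABLED };

/* present: the privilege's LUID was found in the token's privilege list.
   attrs:   that entry's Attributes field (LUID_AND_ATTRIBUTES). */
enum priv_state classify_priv(int present, unsigned long attrs)
{
    if (!present)
        return PRIV_ABSENT;              /* cannot be enabled at all */
    return (attrs & SE_PRIVILEGE_ENABLED) ? PRIV_ENABLED : PRIV_DISABLED;
}

#ifdef _WIN32
/* Read-only query of the current process token; changes nothing.
   An API failure is also reported as PRIV_ABSENT. */
enum priv_state query_priv(const char *name)
{
    HANDLE tok = NULL;
    LUID luid;
    DWORD len = 0, i;
    TOKEN_PRIVILEGES *tp = NULL;
    enum priv_state st = PRIV_ABSENT;

    if (!LookupPrivilegeValueA(NULL, name, &luid) ||
        !OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tok))
        return PRIV_ABSENT;
    GetTokenInformation(tok, TokenPrivileges, NULL, 0, &len); /* size probe */
    tp = (TOKEN_PRIVILEGES *)malloc(len);
    if (tp && GetTokenInformation(tok, TokenPrivileges, tp, len, &len))
        for (i = 0; i < tp->PrivilegeCount; i++)
            if (tp->Privileges[i].Luid.LowPart == luid.LowPart &&
                tp->Privileges[i].Luid.HighPart == luid.HighPart)
                st = classify_priv(1, tp->Privileges[i].Attributes);
    free(tp);
    CloseHandle(tok);
    return st;
}

int main(void)
{
    static const char *label[] = { "absent", "present, disabled", "enabled" };
    printf("SeDebugPrivilege: %s\n", label[query_priv("SeDebugPrivilege")]);
    return 0;
}
#endif
```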
