From: David F. on 7 Mar 2010 18:00

thanks ...

"Jialiang Ge [MSFT]" <jialge(a)online.microsoft.com> wrote in message
news:d6QzuRpuKHA.888(a)TK2MSFTNGHUB02.phx.gbl...
> Hello David
>
> Could you please ask your customer to dump the security descriptor of the
> service by using Sysinternals tool AccessChk
> http://technet.microsoft.com/en-us/sysinternals/bb664922.aspx
>
> For example, I dump the security attributes of a built Windows Service
> (Fax) that allows everyone to start the service.
>
> C:\Windows\system32>accesschk -C -v Fax

<snip>

From: David F. on 14 Mar 2010 22:44

For some the new version allowed it to work but someone else says it doesn't
and came back with:

  Medium Mandatory Level (Default) [No-Write-Up]
  RW AUTORITE NT\SYSTEM
        SERVICE_ALL_ACCESS
  RW BUILTIN\Administrateurs
        SERVICE_ALL_ACCESS
  R  AUTORITE NT\INTERACTIF
        SERVICE_QUERY_STATUS
        SERVICE_QUERY_CONFIG
        SERVICE_INTERROGATE
        SERVICE_ENUMERATE_DEPENDENTS
        SERVICE_USER_DEFINED_CONTROL
        READ_CONTROL
  R  AUTORITE NT\SERVICE
        SERVICE_QUERY_STATUS
        SERVICE_QUERY_CONFIG
        SERVICE_INTERROGATE
        SERVICE_ENUMERATE_DEPENDENTS
        SERVICE_USER_DEFINED_CONTROL
        READ_CONTROL

"Jialiang Ge [MSFT]" <jialge(a)online.microsoft.com> wrote in message
news:d6QzuRpuKHA.888(a)TK2MSFTNGHUB02.phx.gbl...
> Hello David
>
> Could you please ask your customer to dump the security descriptor of the
> service by using Sysinternals tool AccessChk
> http://technet.microsoft.com/en-us/sysinternals/bb664922.aspx
>
> For example, I dump the security attributes of a built Windows Service
> (Fax) that allows everyone to start the service.
>
> C:\Windows\system32>accesschk -C -v Fax
>
> Accesschk v4.23 - Reports effective permissions for securable objects
> Copyright (C) 2006-2008 Mark Russinovich
> Sysinternals - www.sysinternals.com
>
> Fax
>   Medium Mandatory Level (Default) [No-Write-Up]
>   R  Everyone
>         SERVICE_QUERY_STATUS
>         SERVICE_START
>   R  NT SERVICE\Fax
>         SERVICE_QUERY_STATUS
>         SERVICE_QUERY_CONFIG
>         SERVICE_INTERROGATE
>         SERVICE_ENUMERATE_DEPENDENTS
>         SERVICE_PAUSE_CONTINUE
>         SERVICE_START
>         SERVICE_STOP
>         SERVICE_USER_DEFINED_CONTROL
>         READ_CONTROL
>   RW BUILTIN\Administrators
>         SERVICE_ALL_ACCESS
>   R  NT AUTHORITY\Authenticated Users
>         SERVICE_QUERY_STATUS
>         SERVICE_QUERY_CONFIG
>         SERVICE_INTERROGATE
>         SERVICE_ENUMERATE_DEPENDENTS
>         SERVICE_USER_DEFINED_CONTROL
>         READ_CONTROL
>
> The output shows that everyone can start the service:
>
>   R  Everyone
>         SERVICE_QUERY_STATUS
>         SERVICE_START
>
> This can help us identify whether the security was set rightly.
>
>
> Regards,
> Jialiang Ge
> Microsoft Online Community Support
>
> =================================================
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> =================================================
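
To compare the two dumps quoted in this thread, the following added example (not part of the original posts) parses `accesschk -C -v` output and lists the principals that hold SERVICE_START, either directly or through SERVICE_ALL_ACCESS. The function names and the folded layout of the sample text are assumptions made for the example.

```python
import re

# Constructed sample input: the thread's two dumps, rights folded onto fewer lines.
FAX = r"""Fax
  Medium Mandatory Level (Default) [No-Write-Up]
  R  Everyone
        SERVICE_QUERY_STATUS SERVICE_START
  R  NT SERVICE\Fax
        SERVICE_QUERY_STATUS SERVICE_QUERY_CONFIG SERVICE_INTERROGATE
        SERVICE_ENUMERATE_DEPENDENTS SERVICE_PAUSE_CONTINUE SERVICE_START
        SERVICE_STOP SERVICE_USER_DEFINED_CONTROL READ_CONTROL
  RW BUILTIN\Administrators
        SERVICE_ALL_ACCESS
  R  NT AUTHORITY\Authenticated Users
        SERVICE_QUERY_STATUS SERVICE_QUERY_CONFIG SERVICE_INTERROGATE
        SERVICE_ENUMERATE_DEPENDENTS SERVICE_USER_DEFINED_CONTROL READ_CONTROL
"""
CUSTOMER = r"""Medium Mandatory Level (Default) [No-Write-Up]
  RW AUTORITE NT\SYSTEM
        SERVICE_ALL_ACCESS
  RW BUILTIN\Administrateurs
        SERVICE_ALL_ACCESS
  R  AUTORITE NT\INTERACTIF
        SERVICE_QUERY_STATUS SERVICE_QUERY_CONFIG SERVICE_INTERROGATE
        SERVICE_ENUMERATE_DEPENDENTS SERVICE_USER_DEFINED_CONTROL READ_CONTROL
  R  AUTORITE NT\SERVICE
        SERVICE_QUERY_STATUS SERVICE_QUERY_CONFIG SERVICE_INTERROGATE
        SERVICE_ENUMERATE_DEPENDENTS SERVICE_USER_DEFINED_CONTROL READ_CONTROL
"""
ACE_RE = re.compile(r"^\s*(?:RW|R|W)\s+(\S.*?)\s*$")  # "R  Everyone" -> principal
RIGHT_RE = re.compile(r"[A-Z]+(?:_[A-Z]+)*")          # e.g. SERVICE_START

def parse_accesschk(text):
    """Map each principal to the set of rights listed under it."""
    aces, current = {}, None
    for line in text.splitlines():
        m = ACE_RE.match(line)
        if m:
            current = aces.setdefault(m.group(1), set())
        elif current is not None:
            current.update(t for t in line.split() if RIGHT_RE.fullmatch(t))
    return aces

def who_can(aces, right="SERVICE_START"):
    # SERVICE_ALL_ACCESS includes every service-specific right.
    return sorted(p for p, r in aces.items() if r & {right, "SERVICE_ALL_ACCESS"})

if __name__ == "__main__":
    print(who_can(parse_accesschk(FAX)), who_can(parse_accesschk(CUSTOMER)))
```

The parser accepts one right per line, as accesschk prints them, as well as the folded form used in the samples.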