From: David F. on
thanks ...

"Jialiang Ge [MSFT]" <jialge(a)online.microsoft.com> wrote in message
news:d6QzuRpuKHA.888(a)TK2MSFTNGHUB02.phx.gbl...
> Hello David
>
> Could you please ask your customer to dump the security descriptor of the
> service by using Sysinternals tool AccessChk
> http://technet.microsoft.com/en-us/sysinternals/bb664922.aspx
>
> For example, I dump the security attributes of a built Windows Service
> (Fax) that allows everyone to start the service.
>
> C:\Windows\system32>accesschk -C -v Fax
<snip>


From: David F. on
For some, the new version allowed it to work, but someone else says it doesn't
and came back with:
Medium Mandatory Level (Default) [No-Write-Up]
RW AUTORITE NT\SYSTEM
      SERVICE_ALL_ACCESS
RW BUILTIN\Administrateurs
      SERVICE_ALL_ACCESS
R  AUTORITE NT\INTERACTIF
      SERVICE_QUERY_STATUS
      SERVICE_QUERY_CONFIG
      SERVICE_INTERROGATE
      SERVICE_ENUMERATE_DEPENDENTS
      SERVICE_USER_DEFINED_CONTROL
      READ_CONTROL
R  AUTORITE NT\SERVICE
      SERVICE_QUERY_STATUS
      SERVICE_QUERY_CONFIG
      SERVICE_INTERROGATE
      SERVICE_ENUMERATE_DEPENDENTS
      SERVICE_USER_DEFINED_CONTROL
      READ_CONTROL

"Jialiang Ge [MSFT]" <jialge(a)online.microsoft.com> wrote in message
news:d6QzuRpuKHA.888(a)TK2MSFTNGHUB02.phx.gbl...
> Hello David
>
> Could you please ask your customer to dump the security descriptor of the
> service by using Sysinternals tool AccessChk
> http://technet.microsoft.com/en-us/sysinternals/bb664922.aspx
>
> For example, I dump the security attributes of a built Windows Service
> (Fax) that allows everyone to start the service.
>
> C:\Windows\system32>accesschk -C -v Fax
>
> Accesschk v4.23 - Reports effective permissions for securable objects
> Copyright (C) 2006-2008 Mark Russinovich
> Sysinternals - www.sysinternals.com
>
> Fax
>   Medium Mandatory Level (Default) [No-Write-Up]
>   R  Everyone
>         SERVICE_QUERY_STATUS
>         SERVICE_START
>   R  NT SERVICE\Fax
>         SERVICE_QUERY_STATUS
>         SERVICE_QUERY_CONFIG
>         SERVICE_INTERROGATE
>         SERVICE_ENUMERATE_DEPENDENTS
>         SERVICE_PAUSE_CONTINUE
>         SERVICE_START
>         SERVICE_STOP
>         SERVICE_USER_DEFINED_CONTROL
>         READ_CONTROL
>   RW BUILTIN\Administrators
>         SERVICE_ALL_ACCESS
>   R  NT AUTHORITY\Authenticated Users
>         SERVICE_QUERY_STATUS
>         SERVICE_QUERY_CONFIG
>         SERVICE_INTERROGATE
>         SERVICE_ENUMERATE_DEPENDENTS
>         SERVICE_USER_DEFINED_CONTROL
>         READ_CONTROL
>
> The output shows that everyone can start the service:
>
>   R  Everyone
>         SERVICE_QUERY_STATUS
>         SERVICE_START
>
> This can help us identify whether the security was set rightly.
>
>
> Regards,
> Jialiang Ge
> Microsoft Online Community Support
>
> =================================================
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> =================================================
>
>
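
An added example, not part of the thread and not any poster's code: a small Python parser for `accesschk -C -v` listings like the two above, reporting which accounts hold a given service right. The function names are hypothetical, and the code assumes SERVICE_ALL_ACCESS includes SERVICE_START.

```python
import re

# ACE header in accesschk -v output: access summary (R, W or RW), then the account.
ACE_HEADER = re.compile(r"^(RW|R|W)\s+(\S.*)$")
# Each granted right is printed on its own line as an upper-case identifier.
RIGHT = re.compile(r"^[A-Z][A-Z_]+$")

def parse_accesschk(text):
    """Return {account: set(rights)}; tolerates lost indentation and '>' quoting."""
    aces, current = {}, None
    for raw in text.splitlines():
        line = raw.lstrip("> \t").rstrip()
        header = ACE_HEADER.match(line)
        if header:
            current = aces.setdefault(header.group(2), set())
        elif current is not None and RIGHT.match(line):
            current.add(line)
    return aces

def accounts_with(aces, right):
    """Accounts granted `right` directly or through SERVICE_ALL_ACCESS."""
    return sorted(a for a, r in aces.items()
                  if right in r or "SERVICE_ALL_ACCESS" in r)

# The listing reported in the thread for the machine where starting fails
# (French-localized account names).
CUSTOMER = r"""
Medium Mandatory Level (Default) [No-Write-Up]
RW AUTORITE NT\SYSTEM
SERVICE_ALL_ACCESS
RW BUILTIN\Administrateurs
SERVICE_ALL_ACCESS
R AUTORITE NT\INTERACTIF
SERVICE_QUERY_STATUS
SERVICE_QUERY_CONFIG
SERVICE_INTERROGATE
SERVICE_ENUMERATE_DEPENDENTS
SERVICE_USER_DEFINED_CONTROL
READ_CONTROL
R AUTORITE NT\SERVICE
SERVICE_QUERY_STATUS
SERVICE_QUERY_CONFIG
SERVICE_INTERROGATE
SERVICE_ENUMERATE_DEPENDENTS
SERVICE_USER_DEFINED_CONTROL
READ_CONTROL
"""

if __name__ == "__main__":
    print(accounts_with(parse_accesschk(CUSTOMER), "SERVICE_START"))
```

Run against the listing from the failing machine, only the SYSTEM and Administrators entries carry start rights; the interactive and service entries have query rights but no SERVICE_START.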