NTFS/registry permissions for a service-specific SID

  • Thread starter Thread starter Sharon2323
  • Start date Start date
S

Sharon2323

Hello:

Possible to assign NTFS/registry permissions to a service-specific SID other
than running that service as a user account or as Local System? I know that
that SID is assigned dynamically at start-up, and that there is a 1:1
mapping from service name to that SID, but it appears you can just assign
NTFS/registry permissions to the service name.

I've seen
http://www.microsoft.com/technet/windowsvista/evaluate/feat/secfeat.mspx#EHF
and the PPT slides from the PDC conference, but no mention of how to change
permissions with SC.EXE for a service (to change user rights, yes, but not
perms).

Thank You!
 
I am not exactly sure what you are saying here. Services run under the
service context of either a user ID or a well known security principal
such as LocalSystem, LocalService, or Network Service. There is not a
SID assigned to individual service applications.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm
 
Ah hold on, I didn't realize I had clicked on the vista group, I was
shooting for win2000.security which is just above this one in my current
config of Thunderbird. I did hear rumours about this for Vista but I
haven't seen any real documentation and haven't debugged it to check
what was actually done.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm
 
Back
Top