"security key"

  • Thread starter Thread starter sebastien
  • Start date Start date
S

sebastien

hello,

hello, in this example, how we calculate this key ? is it once per
software ?


reg add "\\%CPNAM%\HKLM\SYSTEM\CurrentControlSet\Services\OpenSSHd
\Security" /v Security /t REG_BINARY /d
"01001480C0000000CC0000001400000034000000020020000100000002801800FF010F000101000000000001000000002002000002008C0005000000000018008D0102000101000000000001000000007200760000001C00FD010200010200000000000520000000230200007300760000001C00FF010F00010200000000000520000000200200007300760000001C00FF010F00010200000000000520000000250200007300760000001800FD01020001010000000000051200000025020000010100000000000512000000010100000000000512000000" /
f
::###
 
[email protected] said:
hello, in this example, how we calculate this key ? is it once per
software ?


reg add "\\%CPNAM%\HKLM\SYSTEM\CurrentControlSet\Services\OpenSSHd\Security"
/v Security /t REG_BINARY /d
"01001480C0000000CC0000001400000034000000020020000100000002801800FF010F000101000000000001000000002002000002008C0005000000000018008D0102000101000000000001000000007200760000001C00FD010200010200000000000520000000230200007300760000001C00FF010F00010200000000000520000000200200007300760000001C00FF010F00010200000000000520000000250200007300760000001800FD01020001010000000000051200000025020000010100000000000512000000010100000000000512000000"
/f
Click to expand...

That controls which users can e.g. start and stop the service.
Often you can leave this out and let Windows use its defaults.
IIRC, the value is formatted as a self-relative security
descriptor. However the documented way of setting it is with
the SetServiceObjectSecurity function, rather than by writing
directly to the Registry.

* Service Security and Access Rights
http://msdn.microsoft.com/library/ms685981.aspx
Lists the rights you can grant here, and the defaults.

* Modifying the DACL for a Service
http://msdn.microsoft.com/library/ms684215.aspx
An example about SetServiceObjectSecurity.

* ConvertSecurityDescriptorToStringSecurityDescriptor Function
http://msdn.microsoft.com/library/aa376397.aspx
Converts a security descriptor to a string that is easier to
understand than the hexadecimal numbers.

* !sd
http://msdn.microsoft.com/library/cc266947.aspx
A debugger extension command to display a security descriptor.
Saves you from having to write your own program for this.

* Permission Element
http://wix.sourceforge.net/manual-wix2/wix_xsd_permission.htm
Windows Installer does not itself support setting access control
lists for services, but WiX has custom actions for that.

Note, you should be careful about granting SERVICE_CHANGE_CONFIG.
A user with this access right can change the service to run a
program of his/her choosing, and also to execute with LocalSystem
permissions and all privileges. So when the service next starts,
he/she would then have unlimited access to the computer.

Followups set to microsoft.public.platformsdk.security.
 
Back
Top