NTFS/registry permissions for a service-specific SID

Posted: 08-03-2006, 05:24 PM
Hello:

Possible to assign NTFS/registry permissions to a service-specific SID other
than running that service as a user account or as Local System? I know that
that SID is assigned dynamically at start-up, and that there is a 1:1
mapping from service name to that SID, but it appears you can just assign
NTFS/registry permissions to the service name.

I've seen
http://www.microsoft.com/technet/win...cfeat.mspx#EHF
and the PPT slides from the PDC conference, but no mention of how to change
permissions with SC.EXE for a service (to change user rights, yes, but not
perms).

Thank You!






NTFS/registry permissions for a service-specific SID


Responses to "NTFS/registry permissions for a service-specific SID"

Sharon2323
Guest
Posts: n/a
 
Re: NTFS/registry permissions for a service-specific SID
Posted: 08-03-2006, 05:34 PM
CORRECTION:
> but it appears you can just assign...
but it appears you cannot just assign...



Joe Richards [MVP]
Guest
Posts: n/a
 
Re: NTFS/registry permissions for a service-specific SID
Posted: 08-05-2006, 07:28 PM
I am not exactly sure what you are saying here. Services run under the
service context of either a user ID or a well known security principal
such as LocalSystem, LocalService, or Network Service. There is not a
SID assigned to individual service applications.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


Sharon2323 wrote:
> Hello:
>
> Possible to assign NTFS/registry permissions to a service-specific SID other
> than running that service as a user account or as Local System? I know that
> that SID is assigned dynamically at start-up, and that there is a 1:1
> mapping from service name to that SID, but it appears you can just assign
> NTFS/registry permissions to the service name.
>
> I've seen
> http://www.microsoft.com/technet/win...cfeat.mspx#EHF
> and the PPT slides from the PDC conference, but no mention of how to change
> permissions with SC.EXE for a service (to change user rights, yes, but not
> perms).
>
> Thank You!
>
>
>
>
>
>
Joe Richards [MVP]
Guest
Posts: n/a
 
Re: NTFS/registry permissions for a service-specific SID
Posted: 08-05-2006, 07:31 PM
Ah hold on, I didn't realize I had clicked on the vista group, I was
shooting for win2000.security which is just above this one in my current
config of Thunderbird. I did hear rumours about this for Vista but I
haven't seen any real documentation and haven't debugged it to check
what was actually done.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


Joe Richards [MVP] wrote:
> I am not exactly sure what you are saying here. Services run under the
> service context of either a user ID or a well known security principal
> such as LocalSystem, LocalService, or Network Service. There is not a
> SID assigned to individual service applications.
>
> joe
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> Author of O'Reilly Active Directory Third Edition
> www.joeware.net
>
>
> ---O'Reilly Active Directory Third Edition now available---
>
> http://www.joeware.net/win/ad3e.htm
>
>
> Sharon2323 wrote:
>> Hello:
>>
>> Possible to assign NTFS/registry permissions to a service-specific SID
>> other
>> than running that service as a user account or as Local System? I
>> know that
>> that SID is assigned dynamically at start-up, and that there is a 1:1
>> mapping from service name to that SID, but it appears you can just assign
>> NTFS/registry permissions to the service name.
>>
>> I've seen
>> http://www.microsoft.com/technet/win...cfeat.mspx#EHF
>>
>> and the PPT slides from the PDC conference, but no mention of how to
>> change
>> permissions with SC.EXE for a service (to change user rights, yes, but
>> not
>> perms).
>>
>> Thank You!
>>
>>
>>
>>
>>
>>
 
LinkBack Thread Tools Display Modes
 


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Forum Jump


Similar Threads
Thread Thread Starter Forum Replies Last Post
How do I get Explorer to open to a specific folder? Abe Klagsbrun Windows Vista File Management 6 08-04-2007 12:00 AM
how do I search for specific file types? Danno111 Windows Vista File Management 4 03-28-2007 11:43 PM
Do NTFS File Permissions migrate with Acronis backups to different drives ?? Synapse Syndrome Windows Vista File Management 3 02-20-2007 09:46 PM
NTFS Security Permissions (HOW TO RESET?) Mike (Bryett Enterprise LTD) Windows Vista Security 4 06-14-2006 05:54 PM
Anything new for Vista's NTFS? Malcolm Smith [MS] Windows Vista File Management 1 04-24-2006 05:50 AM