|
|
Darren New wrote:
> And yes, everything has ACLs attached, including all your devices,
> processes, connections, etc etc etc. Everything you can name in the
> kernel has ACLs on it.
I wonder... what do the ACLs on a process do? (Not to be confused with
the security tokens the process has. These presumably control what the
*process* is allowed to do, whereas the ACLs control what *you* can do
to that process.)
>> Anyway, apparently Process Explorer has the power to show _and edit_
>> the ACLs associated with a running service. (It's unclear whether it
>> changes the security token on the running process, or actually changes
>> the service configuration so that it will have the new security
>> *every* time it's run.)
>
> It changes it next time it runs, if you change it from the service
> configuration screens. (You know, the same set of tabs that shows you
> what other services and stuff it depends on, not the "task manager"-like
> stuff. I don't know which PE you're using there.)
I hunted around for ages in there. I found the controls to change the
account the service runs under, but nothing to change the ACLs on the
service.
>> And now I'm wondering... maybe it's a "right" you can set?
>
> That was my second suggestion. It'll likely be in the "user rights
> assignment" list if it is. Maybe domain controllers have more of this
> sort of thing than the individuals?
Even in NT, the User Manager thingy has a panel hidden away somewhere
for controlling password expiration times and such, and another next to
it for controlling... well, I forget exactly. But maybe I'll find
something useful in there? I'll take a look tomorrow.
>> Otherwise, yeah, I'm going to end up writing some horribly hackish
>> script to kill and restart this damned service. :-(
>
> It's that, or learning some deep Windows juju to invoke the LoginUser
> API to change your own ownership when the program runs. Maybe you could
> have a "run as" script?
Well, since I know how to program in C++ now, that should be easy! :-D
(I jest. Obviously.)
> Does this help?
> http://www.codeguru.com/cpp/w-p/system/article.php/c5755
> At least someone else wrote the hacky script for you. :-)
Well, that looks like my backup plan...
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Post a reply to this message
|
|