From: Missy on 3 Jul 2008 04:45

Hi Larry,
do you have sample code in enabling the SE_DEBUG_PRIVILEGE?
This is what I need in my code. Thanks a lot!

"Larry Smith" wrote:

> > Well, they would be unable to kill a service process from the Task Manager, because services run under the LocalSystem account, so that other users cannot open a handle with "terminate" access to it. Task Manager does not seem to do anything in order to assign itself the token of a system account even if it runs under the account with Admin rights, so that users would be unable to terminate a process via it.
>
> You can terminate a service as an administrator or anyone else for that matter. You simply need the "SeDebugPrivilege" in your token which only administrators have by default (system account is also an administrator BTW). The trick is to enable it first since most privileges are disabled by default even for administrators. This is the reason why administrators can't terminate a service from the task manager normally. The privilege exists in their token but they simply have to enable it first (which is very simple to do in code).

From: Volodymyr M. Shcherbyna on 3 Jul 2008 05:23

http://groups.google.com/group/microsoft.public.win32.programmer.kernel/browse_thread/thread/5741db7b6a2f4ce0/566e451dbc2b1870?lnk=gst&q=debug+priviliges#566e451dbc2b1870

--
Volodymyr, blog: http://www.shcherbyna.com/
(This posting is provided "AS IS" with no warranties, and confers no rights)

"Missy" <Missy(a)discussions.microsoft.com> wrote in message news:BF5C0687-37CB-4243-BEE3-4F90EFAF6D4B(a)microsoft.com...
> Hi Larry,
> do you have sample code in enabling the SE_DEBUG_PRIVILEGE?
> This is what I need in my code. Thanks a lot!
>
> "Larry Smith" wrote:
>
>> > Well, they would be unable to kill a service process from the Task Manager, because services run under the LocalSystem account, so that other users cannot open a handle with "terminate" access to it. Task Manager does not seem to do anything in order to assign itself the token of a system account even if it runs under the account with Admin rights, so that users would be unable to terminate a process via it.
>>
>> You can terminate a service as an administrator or anyone else for that matter. You simply need the "SeDebugPrivilege" in your token which only administrators have by default (system account is also an administrator BTW). The trick is to enable it first since most privileges are disabled by default even for administrators. This is the reason why administrators can't terminate a service from the task manager normally. The privilege exists in their token but they simply have to enable it first (which is very simple to do in code).