W
2011-01-27 01:23:01 UTC
First, has any third party come up with a human friendly tool to let the
admin configure permissions for each service running on a Windows system? I
understand in theory that the SC command can set descriptors, but the
descriptor language is not for human beings. At very least it requires too
much time to study the descriptors.
I have an application that has a service permission of:
Administrators: full control
Interactive: read
System: full control
Without understanding the descriptors, I was told that this corresponds to
the command:
SC sdset <servicename>
D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSW
LOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
Instead I want this to become:
Administrators: full control
Users: read, start, stop, and pause
System: full control
What is the correct SC command and descriptor to use for the above?
Please note the computer is not a member server in a domain. So I cannot
use GPO.
admin configure permissions for each service running on a Windows system? I
understand in theory that the SC command can set descriptors, but the
descriptor language is not for human beings. At very least it requires too
much time to study the descriptors.
I have an application that has a service permission of:
Administrators: full control
Interactive: read
System: full control
Without understanding the descriptors, I was told that this corresponds to
the command:
SC sdset <servicename>
D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSW
LOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
Instead I want this to become:
Administrators: full control
Users: read, start, stop, and pause
System: full control
What is the correct SC command and descriptor to use for the above?
Please note the computer is not a member server in a domain. So I cannot
use GPO.
--
W
W