RE: Monitor Services on Windows machines

From: Kolde, Jennifer E. (jkolde@nosc.mil)
Date: 02/25/03

Next message: H C: "Re: Monitor Services on Windows machines"

Previous message: Nicko Demeter: "RE: Monitor Services on Windows machines"
Maybe in reply to: MOHESOWA BYAS: "Monitor Services on Windows machines"
Next in thread: H C: "Re: Monitor Services on Windows machines"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Kolde, Jennifer E." <jkolde@nosc.mil>
To: 'MOHESOWA BYAS' <byasmohesowa@sbm.intnet.mu>, focus-ms@securityfocus.com
Date: Mon, 24 Feb 2003 15:17:27 -0800

You can use the Resource Kit utility sc.exe to query the status of a service
(or all services) on a local or remote host.

With Windows 2000 and later, it is possible to set permissions on services
to control who can start, stop, or view the status of a service. I don't
recall whether this capability is supported on NT or not.

With 2K and XP, the interface to manage service permissions is not obvious.
One method is to use the Windows Security Templates to define service
permissions. You'll need to load the Security Templates snap-in to a blank
MMC to view the options. There is a section called System Services;
expanding this and double-clicking on any service will give you the option
to click an "Edit Security" button that allows you to set ACLs.

The templates can then be applied to a system using the Security
Configuration and Analysis snap-in.

You can also use the Resource Kit utility svcacls.exe to set permissions
from the command line.

Regards,
Jennifer

-----Original Message-----
From: MOHESOWA BYAS [mailto:byasmohesowa@sbm.intnet.mu]
Sent: Friday, February 21, 2003 1:30 AM
To: focus-ms@securityfocus.com
Subject: Monitor Services on Windows machines

Hi,
Is there a way to monitor if services on Win 2K Professional machines have
been stopped or started? Can monitoring be done remotely?

Aim is to monitor that users do not shutdown or start services that they are
not supposed to.

Thanks & Regards
###########################################

This message has been scanned by F-Secure Anti-Virus for Microsoft Exchange.
For more information, connect to http://www.F-Secure.com/

Next message: H C: "Re: Monitor Services on Windows machines"
Previous message: Nicko Demeter: "RE: Monitor Services on Windows machines"
Maybe in reply to: MOHESOWA BYAS: "Monitor Services on Windows machines"
Next in thread: H C: "Re: Monitor Services on Windows machines"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]