RE: Credential used when starting Windows Services during computer
From: Julien (Julien_at_discussions.microsoft.com)
Date: Sat, 10 Jul 2004 11:27:01 -0700
First of all thanks for the answer!
Regarding the "Telnet" service, it is like any other service, its settings in the GPO is set to "Not defined" which apparently means that Everybody can start/stop the service!
Am I wrong on this point?
I also wanted to know if there was a good tool which enables us to start/stop remote services on a DC!
I tried "psservice" but I get the feeling it has a bug regarding the way credentials are managed!
Is there a link where I could find more info on IPC and RPC used in Win2k/winXP?
Thanks for any help!
"Matthew Mucker [MSFT]" wrote:
> Each service has its own setting for the user account under which it runs.
> You can view and set each service's properties using the Services MMC (run
> services.msc). Don't change the setting of services unless you know what
> you're doing.
> As to your user problems: are you saying that any user can start the telnet
> service on your DC? Or do you mean that any user can establish a telnet
> session to your DC? If the telnet service is running on your DC, it will
> answer any client that tries to connect to it. (Telnet then requires a
> username and password to do further work, of course.)
> This posting is provided "AS IS" with no warranties, and confers no rights.
> >Thread-Topic: Credential used when starting Windows Services during
> computer sta
> >thread-index: AcRj17fdwZQxPC8IT96drf0cjthrMA==
> >X-WBNR-Posting-Host: 18.104.22.168
> >From: =?Utf-8?B?SnVsaWVu?= <Julien@discussions.microsoft.com>
> >Subject: Credential used when starting Windows Services during computer sta
> >Date: Tue, 6 Jul 2004 21:06:02 -0700
> >Lines: 12
> >Message-ID: <DD4AEEC5-83CA-450D-8A37-7BEDA06C8F0E@microsoft.com>
> >MIME-Version: 1.0
> >Content-Type: text/plain;
> > charset="Utf-8"
> >Content-Transfer-Encoding: 7bit
> >X-Newsreader: Microsoft CDO for Windows 2000
> >Content-Class: urn:content-classes:message
> >Importance: normal
> >Priority: normal
> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> >Newsgroups: microsoft.public.win2000.security
> >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 127.0.0.1
> >Path: cpmsftngxa06.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
> >Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.security:29140
> >X-Tomcat-NG: microsoft.public.win2000.security
> >I would like to know what credentials are used when the services (set up
> to be started automatically at machine startup) are run during Win2K &
> WinXP workstation/server startup!
> >Is the computer account used or is it the Local System account that is
> used to do that?
> >I ask you that cause I noticed that any kind of user on my domain was able
> to launch remotely a service like "Telnet" on my DC without any credential
> >Which is to my mind not very secure!
> >How does most people do regarding this matter?
> >Thanks in advance for any kind of help.