Re: Windows Server 2003 SP1 SCM Permissions
From: Prasad Dabak (pdabak_at_yahoo.com)
Date: 04/19/05
- Next message: Jon: "Windows 2003 hacked?"
- Previous message: Niel Bullock: "Re: WMI Date works on XP but not 2000 Server"
- In reply to: Andrew: "Re: Windows Server 2003 SP1 SCM Permissions"
- Next in thread: PaulD: "Re: Windows Server 2003 SP1 SCM Permissions"
- Reply: PaulD: "Re: Windows Server 2003 SP1 SCM Permissions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 18 Apr 2005 21:32:06 -0700
You can query/change the permissions on SCM by using
QueryServiceObjectSecurity and SetServiceObjectSecurity API calls. You
need to pass handle returned by OpenSCManager call to these functions
to get/set security on SCM..
NOTE: These APIs work with SCM handle only if you have Windows 2003
SP1. Otherwise these APIs fail.
-Prasad
"Andrew" <asftAndrew(replace){at}yahoo.com> wrote in message news:<ul3f4zARFHA.2964@TK2MSFTNGP15.phx.gbl>...
> Thanks, hopefully someone will find a solution soon. The MSDN article you
> referenced in your other post states the ACL on the SCM can be changed, but
> doesn't detail how to do so. Maybe in time the docuemation will be
> updated...
>
> --Andrew
>
>
> "Prasad Dabak" <pdabak@yahoo.com> wrote in message
> news:96ca2fd2.0504180319.4da94cc7@posting.google.com...
> > Yes, SP1 broke our application due to same problem. I dumped the
> > security descriptor of the SCM and it has SC_CONNECT permissions for
> > "Authenticated Users" group. AFAIK, the domain user should implicitly
> > belong to this group. However, it still doesn't seem to work.
> >
> > I posted a message about the same at
> >
> > http://groups.google.co.in/groups?hl=en&lr=&threadm=96ca2fd2.0504172130.31ce07ed%40posting.google.com&prev=/groups%3Fhl%3Den%26lr%3D%26group%3Dmicrosoft.public.windows.server.general
> >
> > No reponse yet :-(
> >
> > -Prasad
> >
> >
> > "Andrew" <asftAndrew(replace){at}yahoo.com> wrote in message
> > news:<#HEOEQ7QFHA.3188@TK2MSFTNGP10.phx.gbl>...
> >> Hello,
> >> I was wondering if anyone noticed that the permissions on the Service
> >> Control Manager seem to have changed after installing Windows Server 2003
> >> SP1. Before I could remotely monitoring services on my servers using a
> >> standard domain user account. After installing SP1, I can no longer
> >> monitor
> >> any services unless I am a local administrator on the machine.
> >>
> >> Any thoughts? I could not find any documentation in the SP1 files and
> >> this
> >> does not appear to be DCOM or RPC issue as per the Security event log I
> >> am
> >> successfully authenticating, just not authorized.
> >>
> >> Thanks,
> >> Andrew
- Next message: Jon: "Windows 2003 hacked?"
- Previous message: Niel Bullock: "Re: WMI Date works on XP but not 2000 Server"
- In reply to: Andrew: "Re: Windows Server 2003 SP1 SCM Permissions"
- Next in thread: PaulD: "Re: Windows Server 2003 SP1 SCM Permissions"
- Reply: PaulD: "Re: Windows Server 2003 SP1 SCM Permissions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
