Re: Windows Server 2003 SP1 SCM Permissions

From: PaulD (nospam)
Date: 04/20/05


Date: Wed, 20 Apr 2005 18:20:01 +0300

OK, I tried your solution. There is some progress.
I dumped the users which have rights to the SCM. Here they are:
Authenticated Users
INTERACTIVE
SERVICE
SYSTEM
Administrators

Next step for me is to try to clone rights from INTERACTIVE to Authenticated Users.

"PaulD" <nospam> wrote in message
news:uthM8SYRFHA.3444@tk2msftngp13.phx.gbl...
> How did you dump SCM security?
>
>
> "Prasad Dabak" <pdabak@yahoo.com> wrote in message
> news:96ca2fd2.0504182032.2fae2c0b@posting.google.com...
>> You can query/change the permissions on SCM by using
>> QueryServiceObjectSecurity and SetServiceObjectSecurity API calls. You
>> need to pass the handle returned by the OpenSCManager call to these functions
>> to get/set security on SCM.
>>
>> NOTE: These APIs work with SCM handle only if you have Windows 2003
>> SP1. Otherwise these APIs fail.
>>
>> -Prasad
>>
>> "Andrew" <asftAndrew(replace){at}yahoo.com> wrote in message
>> news:<ul3f4zARFHA.2964@TK2MSFTNGP15.phx.gbl>...
>>> Thanks, hopefully someone will find a solution soon. The MSDN article you
>>> referenced in your other post states the ACL on the SCM can be changed, but
>>> doesn't detail how to do so. Maybe in time the documentation will be
>>> updated...
>>>
>>> --Andrew
>>>
>>>
>>> "Prasad Dabak" <pdabak@yahoo.com> wrote in message
>>> news:96ca2fd2.0504180319.4da94cc7@posting.google.com...
>>> > Yes, SP1 broke our application due to same problem. I dumped the
>>> > security descriptor of the SCM and it has SC_CONNECT permissions for
>>> > "Authenticated Users" group. AFAIK, the domain user should implicitly
>>> > belong to this group. However, it still doesn't seem to work.
>>> >
>>> > I posted a message about the same at
>>> >
>>> > http://groups.google.co.in/groups?hl=en&lr=&threadm=96ca2fd2.0504172130.31ce07ed%40posting.google.com&prev=/groups%3Fhl%3Den%26lr%3D%26group%3Dmicrosoft.public.windows.server.general
>>> >
>>> > No response yet :-(
>>> >
>>> > -Prasad
>>> >
>>> >
>>> > "Andrew" <asftAndrew(replace){at}yahoo.com> wrote in message
>>> > news:<#HEOEQ7QFHA.3188@TK2MSFTNGP10.phx.gbl>...
>>> >> Hello,
>>> >> I was wondering if anyone noticed that the permissions on the Service
>>> >> Control Manager seem to have changed after installing Windows Server 2003
>>> >> SP1. Before, I could remotely monitor services on my servers using a
>>> >> standard domain user account. After installing SP1, I can no longer monitor
>>> >> any services unless I am a local administrator on the machine.
>>> >>
>>> >> Any thoughts? I could not find any documentation in the SP1 files, and this
>>> >> does not appear to be a DCOM or RPC issue, as per the Security event log I am
>>> >> successfully authenticating, just not authorized.
>>> >>
>>> >> Thanks,
>>> >> Andrew
>
>
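
Added example, not part of the thread and not any poster's code: a Python sketch that decodes an SCM security descriptor in SDDL form (for instance the output of `sc sdshow scmanager`) into per-trustee SC_MANAGER_* rights, and lists non-admin trustees holding service-creation or ACL-write rights, a check worth running before and after changing the SCM ACL with SetServiceObjectSecurity. The SDDL string is a constructed sample whose trustees match the list posted above; all function names are hypothetical.

```python
import re

# Standard SDDL right letters -> access-mask bits.
SDDL_BITS = {"CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,
             "SD": 0x10000, "RC": 0x20000, "WD": 0x40000, "WO": 0x80000,
             "KA": 0xF003F}  # KA has the same value as SC_MANAGER_ALL_ACCESS
# What those bits mean on the SCM object (winsvc.h / winnt.h names).
SCM_RIGHTS = {0x1: "SC_MANAGER_CONNECT", 0x2: "SC_MANAGER_CREATE_SERVICE",
              0x4: "SC_MANAGER_ENUMERATE_SERVICE", 0x8: "SC_MANAGER_LOCK",
              0x10: "SC_MANAGER_QUERY_LOCK_STATUS",
              0x20: "SC_MANAGER_MODIFY_BOOT_CONFIG", 0x10000: "DELETE",
              0x20000: "READ_CONTROL", 0x40000: "WRITE_DAC", 0x80000: "WRITE_OWNER"}
TRUSTEES = {"AU": "Authenticated Users", "IU": "INTERACTIVE", "SU": "SERVICE",
            "SY": "SYSTEM", "BA": "Administrators"}
SENSITIVE = 0x2 | 0x20 | 0x40000 | 0x80000  # create service, boot config, ACL/owner write

# Constructed sample, not output captured from the thread.
SAMPLE_SDDL = ("D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)"
               "(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)")

def parse_mask(rights):
    """Turn an SDDL rights field ('CCLCRPRC' or '0x1') into an access mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    if len(rights) % 2:
        raise ValueError("odd-length rights string: " + rights)
    mask = 0
    for code in re.findall("..", rights):
        mask |= SDDL_BITS[code]  # KeyError for letters outside this table
    return mask

def scm_allow_masks(sddl):
    """Return {trustee: mask} for the access-allowed ACEs of the DACL only."""
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    masks = {}
    for ace in re.findall(r"\(([^)]*)\)", m.group(1) if m else ""):
        ace_type, _flags, rights, _obj, _inherit, sid = ace.split(";")
        if ace_type == "A":
            name = TRUSTEES.get(sid, sid)
            masks[name] = masks.get(name, 0) | parse_mask(rights)
    return masks

def right_names(mask):
    return [name for bit, name in sorted(SCM_RIGHTS.items()) if mask & bit]

def non_admin_sensitive(sddl, admins=("SYSTEM", "Administrators")):
    """Trustees outside `admins` that can create services or rewrite the ACL."""
    return sorted(t for t, m in scm_allow_masks(sddl).items()
                  if t not in admins and m & SENSITIVE)
```

In the sample, Authenticated Users decodes to SC_MANAGER_CONNECT alone, while INTERACTIVE also holds the enumerate, query-lock-status and READ_CONTROL rights.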


