"security key"

S

sebastien

hello,

hello, in this example, how we calculate this key ? is it once per
software ?


reg add "\\%CPNAM%\HKLM\SYSTEM\CurrentControlSet\Services\OpenSSHd
\Security" /v Security /t REG_BINARY /d
"01001480C0000000CC0000001400000034000000020020000100000002801800FF010F000101000000000001000000002002000002008C0005000000000018008D0102000101000000000001000000007200760000001C00FD010200010200000000000520000000230200007300760000001C00FF010F00010200000000000520000000200200007300760000001C00FF010F00010200000000000520000000250200007300760000001800FD01020001010000000000051200000025020000010100000000000512000000010100000000000512000000" /
f
::###
 
K

Kalle Olavi Niemitalo

hello, in this example, how we calculate this key ? is it once per
software ?


reg add "\\%CPNAM%\HKLM\SYSTEM\CurrentControlSet\Services\OpenSSHd\Security"
/v Security /t REG_BINARY /d
"01001480C0000000CC0000001400000034000000020020000100000002801800FF010F000101000000000001000000002002000002008C0005000000000018008D0102000101000000000001000000007200760000001C00FD010200010200000000000520000000230200007300760000001C00FF010F00010200000000000520000000200200007300760000001C00FF010F00010200000000000520000000250200007300760000001800FD01020001010000000000051200000025020000010100000000000512000000010100000000000512000000"
/f

That controls which users can e.g. start and stop the service.
Often you can leave this out and let Windows use its defaults.
IIRC, the value is formatted as a self-relative security
descriptor. However the documented way of setting it is with
the SetServiceObjectSecurity function, rather than by writing
directly to the Registry.

* Service Security and Access Rights
http://msdn.microsoft.com/library/ms685981.aspx
Lists the rights you can grant here, and the defaults.

* Modifying the DACL for a Service
http://msdn.microsoft.com/library/ms684215.aspx
An example about SetServiceObjectSecurity.

* ConvertSecurityDescriptorToStringSecurityDescriptor Function
http://msdn.microsoft.com/library/aa376397.aspx
Converts a security descriptor to a string that is easier to
understand than the hexadecimal numbers.

* !sd
http://msdn.microsoft.com/library/cc266947.aspx
A debugger extension command to display a security descriptor.
Saves you from having to write your own program for this.

* Permission Element
http://wix.sourceforge.net/manual-wix2/wix_xsd_permission.htm
Windows Installer does not itself support setting access control
lists for services, but WiX has custom actions for that.

Note, you should be careful about granting SERVICE_CHANGE_CONFIG.
A user with this access right can change the service to run a
program of his/her choosing, and also to execute with LocalSystem
permissions and all privileges. So when the service next starts,
he/she would then have unlimited access to the computer.

Followups set to microsoft.public.platformsdk.security.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top