如何将服务SID添加到服务? [英] How to add a service SID to a service?

问题描述

我有一个内置有TCP/IP服务器的Windows服务.客户端和连接，并且一些信息已分发等.通常，该服务被安装为以网络服务身份登录.

I have a windows service with a TCP/IP server built in. Clients and connect and some information is distributed etc. Typically the service is installed to log on as Network Service.

有些数据存储在ProgramData下的文件夹中，因此在安装过程中授予了对该文件夹的读/写访问权限.但是，因此通常使用网络服务帐户将访问权限授予所有服务.我了解可以使用 ChangeServiceConfig2 和SERVICE_CONFIG_SERVICE_SID_INFO.但是从那里根本不清楚如何进行操作，甚至还不能解决我的问题.

There is some data that is stored in a folder under ProgramData and read/write access to that folder is therefor granted to the service during installation. However, access is thus typically granted to all services using the Network Service account. I understand that it is possible to add a specific service SID using ChangeServiceConfig2 with SERVICE_CONFIG_SERVICE_SID_INFO. From there it is however not at all clear how to proceed and if this is even a solution to my problem.

任何帮助将不胜感激！

推荐答案

这称为 SERVICE_SID_INFO <具有SID类型的/a>结构指示SCM将服务SID添加到服务的过程令牌中，从而使服务能够访问您可能已配置为仅允许访问特定服务的资源. 您也可以使用sc命令

This is called Service Isolation. Specifying with SERVICE_CONFIG_SERVICE_SID_INFO parameter with SERVICE_SID_INFO structure with the SID type instructs the SCM to add the service SID to the service's process token, thus allowing the service to gain access to resources that you may have configured to allow access only to your specific service. Also you may use sc command

sc <server> sidtype [service name] [type]

OPTIONS:
 type = <none|unrestricted|restricted>

sc <server> qsidtype [service name]

这篇关于如何将服务SID添加到服务?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！