NewsArchive
02-23-2016, 02:18 AM
Hello all,
here are some questions about the privileges of / for a program, that is meant
to runs as a Service.
Does a Service require to be an Administrator?
Can a service be run or started by a local user?
I came across this article:
-------------------------------------------------------
Don't add service accounts to the local Administrators group
...
Bottom line: Service accounts should have the absolute minimum privileges
needed in order for the server application to run. Whenever possible, use one
of the lower-privileged built-in service accounts: LocalService or
NetworkService. If you must create a new service account, don't make it a
member of the local Administrators group on the server as this will give your
service account too many privileges, potentially increasing the attack surface
of your server.
http://www.windowsnetworking.com/kbase/WindowsTips/WindowsServer2008/AdminTips/Security/DontaddserviceaccountstothelocalAdministratorsgrou p.html
-------------------------------------------------------
The Installer.EXE needs to be set to requireAdministrator in case the
destination is "C:\Program Files".
If installed with Admin-privileges, is the Service then an Admin program, too?
Should a local user be able to stop and start a Service?
I plan to have a Service Manager to fiddle with start and stop. I better know
before, whom I give permission to use it.
Those question may have been asked many times before, but I have no idea where
to find. And Auntie Google spits out lots of trash about this topic. Or I have
asked the wrong questions.
Thanks in advance!
Wolfgang Orth
www.odata.de
.
here are some questions about the privileges of / for a program, that is meant
to runs as a Service.
Does a Service require to be an Administrator?
Can a service be run or started by a local user?
I came across this article:
-------------------------------------------------------
Don't add service accounts to the local Administrators group
...
Bottom line: Service accounts should have the absolute minimum privileges
needed in order for the server application to run. Whenever possible, use one
of the lower-privileged built-in service accounts: LocalService or
NetworkService. If you must create a new service account, don't make it a
member of the local Administrators group on the server as this will give your
service account too many privileges, potentially increasing the attack surface
of your server.
http://www.windowsnetworking.com/kbase/WindowsTips/WindowsServer2008/AdminTips/Security/DontaddserviceaccountstothelocalAdministratorsgrou p.html
-------------------------------------------------------
The Installer.EXE needs to be set to requireAdministrator in case the
destination is "C:\Program Files".
If installed with Admin-privileges, is the Service then an Admin program, too?
Should a local user be able to stop and start a Service?
I plan to have a Service Manager to fiddle with start and stop. I better know
before, whom I give permission to use it.
Those question may have been asked many times before, but I have no idea where
to find. And Auntie Google spits out lots of trash about this topic. Or I have
asked the wrong questions.
Thanks in advance!
Wolfgang Orth
www.odata.de
.