On Sat, Jan 3, 2009 at 1:37 AM, Zero3 <zero3 at zerosplayground.dk> wrote: > Daniel Cheng skrev: >>>> sc.exe , which is included scince windows 2000 can set the permission. >>>> use `sc sdset` >>>> http://technet.microsoft.com/en-us/library/bb490995.aspx >>>> http://msdn.microsoft.com/en-au/library/aa379570(VS.85).asp >>>> >>>> >>> Nicey. Any command line example? Those docs seems all gibberish to me. >>> >> >> Let's see the windows automatic update serivce: >> >> --------- >> C:\>sc sdshow wuauserv >> D:(A;;CCLCSWRPWPDTLOCRRC;;;SY) >> (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA) >> (A;;CCLCSWLOCRRC;;;AU) >> (A;;CCLCSWRPWPDTLOCRRC;;;PU) >> --------- >> each (..) is a permission, fields seprated by ";" >> >> "A" - Access Allowed >> ; >> (inhertance, not for service) >> ; >> "GA" SDDL_GENERIC_ALL GENERIC_ALL >> "GR" SDDL_GENERIC_READ GENERIC_READ >> "GW" SDDL_GENERIC_WRITE GENERIC_WRITE >> "GX" SDDL_GENERIC_EXECUTE GENERIC_EXECUTE >> "RC" SDDL_READ_CONTROL READ_CONTROL >> "SD" SDDL_STANDARD_DELETE DELETE >> "WD" SDDL_WRITE_DAC WRITE_DAC >> "WO" SDDL_WRITE_OWNER WRITE_OWNER >> "RP" SDDL_READ_PROPERTY ADS_RIGHT_DS_READ_PROP >> "WP" SDDL_WRITE_PROPERTY ADS_RIGHT_DS_WRITE_PROP >> "CC" SDDL_CREATE_CHILD ADS_RIGHT_DS_CREATE_CHILD >> "DC" SDDL_DELETE_CHILD ADS_RIGHT_DS_DELETE_CHILD >> "LC" SDDL_LIST_CHILDREN ADS_RIGHT_ACTRL_DS_LIST >> "SW" SDDL_SELF_WRITE ADS_RIGHT_DS_SELF >> "LO" SDDL_LIST_OBJECT ADS_RIGHT_DS_LIST_OBJECT >> "DT" SDDL_DELETE_TREE ADS_RIGHT_DS_DELETE_TREE >> "CR" SDDL_CONTROL_ACCESS ADS_RIGHT_DS_CONTROL_ACCESS >> "FA" SDDL_FILE_ALL FILE_ALL_ACCESS >> "FR" SDDL_FILE_READ FILE_GENERIC_READ >> "FW" SDDL_FILE_WRITE FILE_GENERIC_WRITE >> "FX" SDDL_FILE_EXECUTE FILE_GENERIC_EXECUTE >> "KA" SDDL_KEY_ALL KEY_ALL_ACCESS >> "KR" SDDL_KEY_READ KEY_READ >> "KW" SDDL_KEY_WRITE KEY_WRITE >> "KX" SDDL_KEY_EXECUTE KEY_EXECUTE >> ; >> SY = System >> BA = Administrator >> AU = Authenicated User >> PU = Power User >> >> e.g. (A;;CCLCSWRPWPDTLOCRRC;;;PU) >> means Power User allow create/list child, self write, read/write >> property, delete,, list object, control access and read control.. >> >> >> if you don't understand this string... just copy the string from what >> ever service you have set up already. >> > > Looks pretty straight-forward. But what access do we want to give out? > This one?: > > "CR" SDDL_CONTROL_ACCESS ADS_RIGHT_DS_CONTROL_ACCESS
Oops. I have included the wrong table. (that one was for the active directory control) You should use this one instead: CC - SERVICE_QUERY_CONFIG LC - SERVICE_QUERY_STATUS SW - SERVICE_ENUMERATE_DEPENDENTS RP - SERVICE_START WP - SERVICE_STOP DT - SERVICE_PAUSE_CONTINUE LO - SERVICE_INTERROGATE CR - SERVICE_USER_DEFINED_CONTROL RC - READ_CONTROL > > - Zero3 > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl >