At 12:46 AM 6/26/02 -0400, you wrote: >I've spent a few days fighting with Windows and MFC to make Prime95 run as >a true >Windows NT Service. That is, when you check the "Start at Bootup" menu >choice, >prime95 is installed as a service. At next bootup it starts before anyone >logs in. >At first login, the familiar red icon appears in the system tray, and >prime95 keeps >running even when you log off. > >This question is for the serious NT sysadmins out there: Given that Microsoft >strongly discourages NT services having a GUI interface, are there any >problems >or security issues I need to worry about? A GUI service must run under >the Local >System account. You can still use Hide Icon to make the service virtually >invisible to all users.
Let's say Joe User is logged on as "Joe", with "Guest" permissions. Do you REALLY want him to have access to a GUI that is running as LocalSystem (in essence, as Administrator)? No, you don't. While your app MAY be secure, most admins won't want to give that kind of "break" to someone trying to hack the box, and any serious admin is simply going to download the "True Service" version, and run that. >Even if there are problems, I think this will work well for naive home >users running >WinXP with multiple user accounts. My hope is to eliminate the NTsetup and >NTPrime programs with this feature. Yes, with WinXP, it might offer an advantage. But you asked for the view from a serious NT admin, and I don't want to see the separate version go away, not if it means having to run a LocalUser app, and giving access to it to Guest users.... _________________________________________________________________________ Unsubscribe & list info -- http://www.ndatech.com/mersenne/signup.htm Mersenne Prime FAQ -- http://www.tasam.com/~lrwiman/FAQ-mers
