Karl
Thu May 11 09:58:44 CDT 2006
Agree. You cannot reliably control or prevent anyone in the Administrators
group from doing anything. It is however usually possible to detect when
they have changed something, if you care to do so.
"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:%23atnyzIdGHA.4148@TK2MSFTNGP05.phx.gbl...
> There are a couple of ways to manage service permissions using security
> templates and command line tools such as subinacl or setacl. I would suggest,
> however, that you inform the admins what is going on; as admins, they can grant
> themselves permissions to the service if they know how and want to. The
> links below explain more. --- Steve
>
> http://setacl.sourceforge.net/html/examples.html -- setacl see example 23
>
> http://support.microsoft.com/?kbid=288129
>
> "Carl W." <CarlW@discussions.microsoft.com> wrote in message
> news:AD505CBF-37CB-4BD2-9E9C-B39C0EEE2094@microsoft.com...
> > Anyone know of a way to either hide a service from users on a server or
> > prevent them from being able to start a service? Windows 2003...
> >
> > I installed a server app that needs to remain on the system but I need to
> > make sure it does not run. The problem is, sys admins out in the field have
> > access to the server and they will know it's not supposed to run but some,
> > out of curiosity, may do it anyway. Any thoughts? Thanks.
> >
> >
> > Carl
> > --
> > Carl Wilson
> > Security Engineer
>
>
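
An added example, not part of the original thread or of any tool named in it: a Python check for the kind of detection mentioned above, comparing a service's DACL in SDDL form (the format `sc sdshow` prints) against a recorded baseline and listing who holds the start right. The two SDDL strings are constructed samples and the function names are hypothetical; hex access masks and generic rights are passed through unexpanded.

```python
import re

# Service-object meaning of the two-letter SDDL access-right codes.
SERVICE_RIGHTS = {
    "CC": "query_config", "DC": "change_config", "LC": "query_status",
    "SW": "enumerate_dependents", "RP": "start", "WP": "stop",
    "DT": "pause_continue", "LO": "interrogate", "CR": "user_defined_control",
    "SD": "delete", "RC": "read_control", "WD": "write_dac", "WO": "write_owner",
}

# Constructed samples: a baseline where Administrators (BA) lack start/stop/pause,
# and a later snapshot where those rights are back on the BA entry.
BASELINE = "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)"
CURRENT = "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)"

def parse_dacl(sddl):
    """Map (ace_type, trustee) -> set of right codes for the D: section."""
    m = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    aces = {}
    for body in re.findall(r"\(([^()]*)\)", m.group(1) if m else ""):
        ace_type, _flags, rights, _obj, _inh, trustee = body.split(";")[:6]
        # Two-letter codes are split into pairs; anything else is kept raw.
        codes = set(re.findall("..", rights)) if rights.isalpha() else {rights}
        aces.setdefault((ace_type, trustee), set()).update(codes)
    return aces

def can_start(sddl):
    """Trustees holding an allow ACE that contains RP (SERVICE_START)."""
    return {t for (typ, t), r in parse_dacl(sddl).items() if typ == "A" and "RP" in r}

def drift(baseline, current):
    """Rights added/removed per (ace_type, trustee) between two snapshots."""
    old, new = parse_dacl(baseline), parse_dacl(current)
    changes = {}
    for key in old.keys() | new.keys():
        added = new.get(key, set()) - old.get(key, set())
        removed = old.get(key, set()) - new.get(key, set())
        if added or removed:
            changes[key] = (sorted(added), sorted(removed))
    return changes

def describe(codes):
    """Translate right codes to readable names; unknown codes pass through."""
    return [SERVICE_RIGHTS.get(c, c) for c in codes]

if __name__ == "__main__":
    print("start allowed (baseline):", sorted(can_start(BASELINE)))
    print("start allowed (current): ", sorted(can_start(CURRENT)))
    for (typ, trustee), (added, removed) in drift(BASELINE, CURRENT).items():
        print(f"{typ} ACE for {trustee}: +{describe(added)} -{describe(removed)}")
```

Even in the constructed baseline the BA entry keeps `WD` (write_dac), which is what lets an administrator put the removed rights back.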