Services Question

Discussion in 'other software & services' started by HandsOff, Sep 4, 2005.

Thread Status:
Not open for further replies.
  1. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    in the event viewer, and probably services interface you can see what user a service is running under. In the event viewer, I see three different things:

    -System
    -N/A
    - my computer name / my username

    i have heard it is best to run services under system. how does one control this?


    - HandsOff
     
  2. G-Force

    G-Force Guest

    Hi Hands,

    I've wondered this myself searching high and low for answer's, discovering a reasonably complicated approach through the use of Access Token's, ACL's, Privilege's, and Security Descriptor's "oh my!" :D I'm pretty sure I'm on the right track issuing this page from the MSDN library (either that or I truly don't know what the heck I'm talking about, swap the x's too!) ....

    xxxx://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/access_control.asp

    Further .... the use of commands such as cacls, net, netdom, sc, set, and xcacls can extend manipulation beyond the capabilities of a window's environment, much as netsh can for networking. Experiment if you dare!

    xxxx://www.ss64.com/nt/

    You're inquery sparked my curiosity to also locate this (neither free nor cheap, but interesting) ....

    xxxx://www.scriptlogic.com/products/serviceexplorer/

    If spying on security call's is in your future, Notok had approval for this utility .... ;)

    xxxx://www.sysinternals.com/Utilities/Tokenmon.html


    GF
     
  3. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Hi -

    It's not that I am intimidated by the prospect of fleshing this out, but I believe there must be a much simpler method. I am basing this guess on something that I read that reviewed the most common reasons that windows XP will not shut down as it should. The author said, very off-handedly, something like, 'one common cause for a user profile to hang up during the saving settings phase of shut down is when services are being run by user's instead of by system or network service.' <-- sort of a clumbsy quote, but I wasn't paying much attention since they did not go on to explain how to change this, and I did not think I had any processes being run by anything but system.

    [afterthough: maybe i should have added that it was because the way they said it made it sound like correcting that was a trivial matter]

    ...However...I seemed to have changed all that, without even trying.

    in my event viewer I see this:

    7035
    "The Application Management service was successfully sent a start control."

    Which does not sound so bad until I see that this is running under my user profile, not system, and it is followed by:

    7036
    "The Application Management service entered the stopped state."

    ERROR-7023
    "The Application Management service terminated with the following error:
    The specified module could not be found."


    I am hoping that this does not have to make sense to me in order for me to fix it. I will give it a go.


    - HandsOff
     
    Last edited: Sep 6, 2005
  4. Hand's,

    I will say one thing before proceeding ....
    I do not know the consequences of altering the account under which a service run's!

    Open Services through Control Panel > Help > Help Topic's > Services > How To ... here it will be explained.


    GF
     
  5. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    I am a little closer to a solution. And the process that is responsible is Lsass.exe. that doesnt tell me everything, but I am close.

    -HandsOff

    PS - i am pretty sure this is not related to sasser, or Lsass exploit.
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.