Services Question

Discussion in 'other software & services' started by HandsOff, Sep 4, 2005.

Thread Status:
Not open for further replies.
  1. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    in the event viewer, and probably services interface you can see what user a service is running under. In the event viewer, I see three different things:

    -System
    -N/A
    - my computer name / my username

    i have heard it is best to run services under system. how does one control this?


    - HandsOff
     
  2. G-Force

    G-Force Guest

    Hi Hands,

    I've wondered this myself searching high and low for answer's, discovering a reasonably complicated approach through the use of Access Token's, ACL's, Privilege's, and Security Descriptor's "oh my!" :D I'm pretty sure I'm on the right track issuing this page from the MSDN library (either that or I truly don't know what the heck I'm talking about, swap the x's too!) ....

    xxxx://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/access_control.asp

    Further .... the use of commands such as cacls, net, netdom, sc, set, and xcacls can extend manipulation beyond the capabilities of a window's environment, much as netsh can for networking. Experiment if you dare!

    xxxx://www.ss64.com/nt/

    You're inquery sparked my curiosity to also locate this (neither free nor cheap, but interesting) ....

    xxxx://www.scriptlogic.com/products/serviceexplorer/

    If spying on security call's is in your future, Notok had approval for this utility .... ;)

    xxxx://www.sysinternals.com/Utilities/Tokenmon.html


    GF
     
  3. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Hi -

    It's not that I am intimidated by the prospect of fleshing this out, but I believe there must be a much simpler method. I am basing this guess on something that I read that reviewed the most common reasons that windows XP will not shut down as it should. The author said, very off-handedly, something like, 'one common cause for a user profile to hang up during the saving settings phase of shut down is when services are being run by user's instead of by system or network service.' <-- sort of a clumbsy quote, but I wasn't paying much attention since they did not go on to explain how to change this, and I did not think I had any processes being run by anything but system.

    [afterthough: maybe i should have added that it was because the way they said it made it sound like correcting that was a trivial matter]

    ...However...I seemed to have changed all that, without even trying.

    in my event viewer I see this:

    7035
    "The Application Management service was successfully sent a start control."

    Which does not sound so bad until I see that this is running under my user profile, not system, and it is followed by:

    7036
    "The Application Management service entered the stopped state."

    ERROR-7023
    "The Application Management service terminated with the following error:
    The specified module could not be found."


    I am hoping that this does not have to make sense to me in order for me to fix it. I will give it a go.


    - HandsOff
     
    Last edited: Sep 6, 2005
  4. Hand's,

    I will say one thing before proceeding ....
    I do not know the consequences of altering the account under which a service run's!

    Open Services through Control Panel > Help > Help Topic's > Services > How To ... here it will be explained.


    GF
     
  5. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    I am a little closer to a solution. And the process that is responsible is Lsass.exe. that doesnt tell me everything, but I am close.

    -HandsOff

    PS - i am pretty sure this is not related to sasser, or Lsass exploit.
     
Loading...
Thread Status:
Not open for further replies.