Securing Windows Service Applications

Is there any way to restrict users with administrative privileges from managing specific Windows service based applications? I would like to restrict administrators from stopping or re-starting my service very similar to the Windows event log service. What are some of the more popular approaches or recommended approaches to securing services followed by product vendors (like antivirus applications, firewalls etc where the service has to be running continuously)?

Answers


To remove the stop option from the service management mmc. With .net service you:

ServicesToRun = new ServiceBase[] { new Service1() };
ServicesToRun[0].CanStop = false;

With win32 see the SERVICE_STATUS structure and SetServiceStatus function documentation. Did not test this option.

That said, I don't think ( and hope I am right ) that there is possibility, in user space, to prevent the administrator from stopping a service. The admin can still stop the service by killing the process from taskmanager or taskkill.


Here is one approach using access control - http://support.microsoft.com/?kbid=288129


Need Your Help

Compiling tesseract-ocr on ARM/Gumstix?

embedded ocr embedded-linux tesseract gumstix

Is it possible to compile tesseract-ocr for the Intel PXA270 found in certain Gumstix boards? Has anyone done this successfully, and if so, how did you do so?

Doctrine 2 inheritance in a Symfony 2 project without discriminating column?

database inheritance symfony doctrine-orm

I'm creating a bundle for Symfony 2 that has two user types. Only one user type will be used (the class is specified in the services configuration). I have defined two User classes that inherit fro...