Per-service SID

(This is part 3 of our series of posts on service hardening.)  Under Windows Vista/Longhorn Server, your service can now have its own SID (Security Identifier), which you can then use in ACLs to protect your service resources. You configure your service to be assigned a per-service SID during its installation with the ChangeServiceConfig2 API (dwInfoLevel=…

2

Least privilege for services

This is part 2 of our series of posts on service hardening. “Need to have” and least privilege principle Executing with least privilege is a good practice of computer security.  As with the “need to know” principle for information access, there should be a “need to have” principle for privileges. If your code does not…

2