How do I set ACL for a Windows Service in .net?

前端未结

关注

 2  1110

情书的邮戳 2021-01-14 10:35

I have a service that I need to be able to start and stop with a button. I am using a ServiceController in a seperate program and everything works as intended when I run thi

2条回答

抹茶落季 (楼主)

2021-01-14 11:15

The code I have is in C, but it shouldn't be too hard to adapt to VB - or you could put it in a DLL. Alternatively, you could launch a command shell and use the sc sdset command.

wchar_t sddl[] = L"D:"
  L"(A;;CCLCSWRPWPDTLOCRRC;;;SY)"           
      // default permissions for local system
  L"(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"   
      // default permissions for administrators
  L"(A;;CCLCSWLOCRRC;;;AU)"                 
      // default permissions for authenticated users
  L"(A;;CCLCSWRPWPDTLOCRRC;;;PU)"           
      // default permissions for power users
  L"(A;;RP;;;IU)"                           
      // added permission: start service for interactive users
  ;

DWORD InstallService() 
{
  SC_HANDLE manager, service;
  PSECURITY_DESCRIPTOR sd;
  DWORD err;

  wchar_t apppath[MAX_PATH + 2];

  // Note: because this is only called from main() which exits
  // immediately afterwards, no attempt is made to close the
  // handles generated.

  if (!ConvertStringSecurityDescriptorToSecurityDescriptor(sddl, 
      SDDL_REVISION_1, &sd, NULL))
  {
    err = GetLastError();
    printf("Error %u creating security descriptor.\n", err);
    return err;
  }

  if (!GetModuleFileName(0, apppath, MAX_PATH + 1)) 
  {
    err = GetLastError();
    printf("Error %u fetching module name.\n", err);
    return err;
  }

  if (_wcsicmp(apppath + wcslen(apppath) - wcslen(exename), exename) != 0) 
  {
    printf("Application name mismatch: %ls\n", 
      apppath + wcslen(apppath) - wcslen(exename));
    return ERROR_INVALID_FUNCTION;
  }

  manager = OpenSCManager(0, 0, SC_MANAGER_CREATE_SERVICE);

  if (!manager) 
  {
    err = GetLastError();
    printf("Error %u connecting to service manager.\n", err);
    return err;
  }

  service = CreateService(manager,
    servicename,
    displayname,
    WRITE_DAC,
    SERVICE_WIN32_OWN_PROCESS,
    SERVICE_DEMAND_START,
    SERVICE_ERROR_NORMAL,
    apppath,
    0,
    0,
    NULL,
    NULL,
    NULL);

  if (!service) 
  {
    err = GetLastError();
    printf("Error %u installing service.\n", err);
    return err;
  }

  if (!SetServiceObjectSecurity(service, DACL_SECURITY_INFORMATION, sd))
  {
    err = GetLastError();
    printf("Error %u setting service security.\n", err);
    return err;
  }

  printf("Service successfully installed.\n");
  return 0;
}

0 讨论(0)

查看其它2个回答