windows-security

Is there a tool to generate SDDL (Security Descriptor Definition Language) strings?

徘徊边缘 submitted on 2019-12-04 08:28:40
Question: Is there a tool to generate SDDL (Security Descriptor Definition Language) strings? I'd like to create them through Windows' Security property sheet or something similar.
Answer 1: One way is to set the ACL on a file (using the standard property sheet -- i.e. right-click and choose Properties, then go to the Security tab), then use CACLS filename /S to display the resulting ACL in the SDDL format.
Answer 2: For those who want to get the SDDL string for registry key permissions, you can use PowerShell:

Cannot connect to SQL Server from PowerShell with domain credentials

你。 submitted on 2019-12-04 03:35:13
Question: I have a problem where I cannot connect to a SQL Server using domain credentials. Using the SA credentials it works and the query runs as expected. But when I use domain credentials, I get an error. Here is the script:
    $SQLServer = 'server.domain.com'
    $SQLDBName = 'DBname'
    $username = "DOMAIN\user"
    $password = "password"
    $SqlConnection = New-Object System.Data.SqlClient.SqlConnection
    #--> With SA, it works, with DOMAIN creds, it does not
    #$SqlConnection.ConnectionString = "Server=$SQLServer;

How to write in a registry key owned by TrustedInstaller

梦想的初衷 submitted on 2019-12-04 00:25:07
In order to install a new property page into the Active Directory SnapIn, I need to write into the following registry key of W2K8 R2 (as documented by Microsoft): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\{E355E538-1C2E-11D0-8C37-00C04FD8FE93}\NodeTypes This key is owned by a special user called TrustedInstaller. I found lots of things on the net around that. At the moment, here is the way it works, doing the following (the user is a member of the administrator group): I give the user the privilege to take ownership. The user takes ownership. The user writes the registry. The user gives ownership to

Cannot connect to SQL Server from PowerShell with domain credentials

邮差的信 submitted on 2019-12-01 19:24:02
I have a problem where I cannot connect to a SQL Server using domain credentials. Using the SA credentials it works and the query runs as expected. But when I use domain credentials, I get an error. Here is the script:
    $SQLServer = 'server.domain.com'
    $SQLDBName = 'DBname'
    $username = "DOMAIN\user"
    $password = "password"
    $SqlConnection = New-Object System.Data.SqlClient.SqlConnection
    #--> With SA, it works, with DOMAIN creds, it does not
    #$SqlConnection.ConnectionString = "Server=$SQLServer; Database=$SQLDBName; User ID=sa; Password=SApassword;"
    $SqlConnection.ConnectionString = "Server=

How to add a service SID to a service?

我是研究僧i submitted on 2019-12-01 13:26:15
I have a Windows service with a TCP/IP server built in. Clients can connect and some information is distributed etc. Typically the service is installed to log on as Network Service. There is some data that is stored in a folder under ProgramData, and read/write access to that folder is therefore granted to the service during installation. However, access is thus typically granted to all services using the Network Service account. I understand that it is possible to add a specific service SID using ChangeServiceConfig2 with SERVICE_CONFIG_SERVICE_SID_INFO. From there it is however not at all

How to add a service SID to a service?

眉间皱痕 submitted on 2019-12-01 11:33:13
Question: I have a Windows service with a TCP/IP server built in. Clients can connect and some information is distributed etc. Typically the service is installed to log on as Network Service. There is some data that is stored in a folder under ProgramData, and read/write access to that folder is therefore granted to the service during installation. However, access is thus typically granted to all services using the Network Service account. I understand that it is possible to add a specific service SID

How to run a process as current user privilege from an admin process

删除回忆录丶 submitted on 2019-11-29 15:47:27
When a setup program (built with something like Inno Setup) launches a process, the process is always run with administrator privilege, because the setup program was run as admin. I want to run the child process with the current user's privilege. Is there a good way?
Although it is not considered best practice (or even good practice), it is possible to launch a medium IL process from a high/admin IL process: See this post on codeproject. I can confirm that this code works on Vista 32 and 64-bit with and without UAC enabled.
This question comes up every 3 or 4 months internally at MSFT. The answer that the

What's the difference between a Primary Token and an Impersonation Token

心不动则不痛 submitted on 2019-11-28 23:39:05
Question: Some Windows APIs return a primary token and some return an impersonation token. Some APIs require a primary token while others require an impersonation token. For example, LogonUser usually returns a primary token, except when using LOGON32_LOGON_NETWORK as the logon type (dwLogonType): In most cases, the returned handle is a primary token that you can use in calls to the CreateProcessAsUser function. However, if you specify the LOGON32_LOGON_NETWORK flag, LogonUser returns an

How to get user name using Windows authentication in asp.net?

ぐ巨炮叔叔 submitted on 2019-11-28 20:01:07
Question: I want to get the user name using Windows authentication. Actually, I implemented "Sign in as different user"; when this button is clicked, Windows security will appear, and there we can give credentials. At that time, if I give some other credential, it is taking the current user name only. How do I get the user name of the given credential from Windows security? The application is hosted in IIS; anonymous authentication has been disabled and Windows authentication was enabled. web.config:
    <system.web>
    <compilation debug="true"

Get a list of members of a WinNT group

时光总嘲笑我的痴心妄想 submitted on 2019-11-28 09:45:06
There are a couple of questions similar to this on Stack Overflow but not quite the same. I want to open, or create, a local group on a win xp computer and add members to it: domain, local and well-known accounts. I also want to check whether a user is already a member so that I don't add the same account twice, and presumably get an exception. So far I started using the DirectoryEntry object with the WinNT:// provider. This is going OK but I'm stuck on how to get a list of members of a group. Anyone know how to do this? Or provide a better solution than using DirectoryEntry? Kepboy
Okay, it's