This is the mail archive of the cygwin-developers@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Windows server 2003


On Wed, Apr 09, 2003 at 09:03:33AM -0400, Pierre A. Humblet wrote:
> Corinna,
> 
> have you seen the thread
> <http://cygwin.com/ml/cygwin/2003-04/msg00460.html>
> 
> It appears that Windows Server 2003 does not give the
> CreateToken privilege to the local system account.

Sounds weird.

> That's perhaps because security has been tightened on that box, see 
> <http://www.entmag.com/news/article.asp?EditorialsID=5691>
> <http://www.microsoft.com/windowsserver2003/techinfo/serverroles/appserver/secplat.mspx>
> and two new special accounts are present by default.

These two accounts aren't actually new.  XP already introduced them,
called "Local Service" (S-1-5-19) and "Network Service" (S-1-5-20).

However, the sense of all that was originally that these two accounts
are using lower privileges than the SYSTEM account has.  So the rule
is to start a service under the appropriate of these two accounts
instead of under SYSTEM if possible.

I didn't find a word about SYSTEM having less rights than before in the
above papers.  I don't see how that should work and somehow I can't see
a sense in that change.  I'll test that as soon as I get my hands on a
final 2003 Server version.

> Although I have been unable to find much, this issue will
> eventually need to be documented and to have a recommended
> solution. There must be a control panel or wizard somewhere.

There are "{Local/Domain/Domain Controller} Security Policy" MMC-Snapins
since W2K available.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin at cygwin dot com
Red Hat, Inc.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]