1.设置服务器上的windows service的security,下面的命令只能用cmd.exe来运行(以管理员模式)
sc sdset "LISA_43_Dev_Batch" "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;RPWPCR;;;NS)"
2.服务器上的wcf托管在IIS上,设置application pool的identity为NetworkService
https://blogs.msmvps.com/erikr/2007/09/26/set-permissions-on-a-specific-service-windows/
Lets look at another example:
(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)
A – Allow
CC – SERVICE_QUERY_CONFIG – ask the SCM for the service’s current configuration
DC – Delete All Child Objects
LC – SERVICE_QUERY_STATUS – ask the SCM for the service’s current status
SW – SERVICE_ENUMERATE_DEPENDENTS – list dependent services
RP – Read all properites
WP – SERVICE_STOP – stop the service
DT – SERVICE_PAUSE_CONTINUE – pause / continue the service
LO – SERVICE_INTERROGATE – ask the service its current status
CR – SERVICE_USER_DEFINED_CONTROL – send a service control defined by the service’s authors
SD – Delete
RC – READ_CONTROL – read the security descriptor on this service.
WD – Modify permissions
WO – Modify owner
BA- Built-in administrators
Wow-that wasn’t simple,not to mention somewhat boring…