Saturday, April 09, 2011

More than you wanted to know about sc.exe and service isolation in Windows 2k3 SP2

On unpatched Win2k3 SP2, sc.exe did not support the sidtype parameter for setting a per-service SID. If you issue

sc.exe sidtype MyService Unrestricted

it spits out help text, then pauses for user input:

Would you like to see help for the QUERY and QUERYEX commands? [ y | n ]:

At patch MS09-012/KB959454 (or maybe KB956572), if not before, sc.exe was upgraded to interpret this parameter. However...

If, on 64-bit Win 2k3 with that patch, you run the 32-bit -- Program Files (x86) -- version, it will accept the sidtype parameter and do nothing, at least on the various systems I've tested on.
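A check for the silent no-op described above, as an added example that is not part of the original post: a cmd script that runs sc.exe sidtype with "n" piped to stdin, so an old build's help prompt cannot hang it, then reads the result back from the registry. It assumes the setting is stored in the ServiceSidType value under the service's key (1 = unrestricted, 3 = restricted), as on later Windows versions; the script name and the SC_EXE variable are hypothetical.

```batch
@echo off
rem set-sidtype.cmd (hypothetical name) - added example, not from the original post.
rem Usage: set-sidtype.cmd ServiceName unrestricted^|restricted
rem Optional: set SC_EXE to the full path of the sc.exe copy you want to test.
setlocal

if "%~2"=="" (
  echo usage: %~nx0 ServiceName unrestricted or restricted
  exit /b 2
)
set "SVC=%~1"

rem Assumption: ServiceSidType is a REG_DWORD, 1 = unrestricted, 3 = restricted.
set "WANT="
if /i "%~2"=="unrestricted" set "WANT=0x1"
if /i "%~2"=="restricted"   set "WANT=0x3"
if not defined WANT (
  echo unknown SID type: %~2
  exit /b 2
)

set "SC=%SC_EXE%"
if not defined SC set "SC=sc.exe"
set "KEY=HKLM\SYSTEM\CurrentControlSet\Services\%SVC%"

rem The service must exist, otherwise the read-back below proves nothing.
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (
  echo service key not found: %KEY%
  exit /b 2
)

rem Pipe "n" so a build that prints help and asks
rem "Would you like to see help for the QUERY and QUERYEX commands?" returns.
echo n| "%SC%" sidtype "%SVC%" %~2 >nul 2>&1

rem Do not trust the exit code or the output: read the value back instead.
reg query "%KEY%" /v ServiceSidType 2>nul | findstr /i /c:"%WANT%" >nul
if errorlevel 1 (
  echo FAILED: ServiceSidType for %SVC% is not %WANT%.
  echo This sc.exe build ignored or did not understand sidtype.
  exit /b 1
)
echo OK: ServiceSidType for %SVC% is %WANT%.
exit /b 0
```

A non-zero exit code lets a deployment script stop before it relies on service isolation that was never configured.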
