Platform SDK: DLLs, Processes, and Threads |
When a process uses the OpenSCManager function to open a handle to a database of installed services, it can request different types of access. The system performs a security check before granting the requested access. All processes are permitted the following access to the database:
This enables any process to open a handle to the SCManager object that it can use in calls to the OpenService, EnumServicesStatus, and QueryServiceLockStatus functions. Only processes with Administrator privileges are able to open handles to the SCManager object that can be used by the CreateService and LockServiceDatabase functions.
When a process uses the OpenService function, the system performs an access check. The type of access permitted to different users depends on the SECURITY_DESCRIPTOR structure associated with the service object. The SCM creates a service object's security descriptor when the service is installed by the CreateService function. You can use the QueryServiceObjectSecurity and SetServiceObjectSecurity functions to query and set the security descriptor of a service object. The default security descriptor of a service object permits the following access:
Note that granting certain access to untrusted users (such as SERVICE_CHANGE_CONFIG or SERVICE_STOP) can allow them to interfere with the execution of your service, and possible allow them to run applications under the LocalSystem account.