Security

Services and Service Security

The Windows operating system can run special applications called services, which are similar to UNIX daemons. Services generally start along with the operating system and run in the background, without any user interface. Examples include Microsoft® SQL Server, the Spooler, IIS Web Server, and the Windows® Event Log. Because they are applications, services must run in the context of a user account. The LocalSystem account, discussed below, is set aside for this purpose.

Services pose some interesting security issues that you must be aware of, most notably:

• Services, as mentioned, usually have no user interface. Therefore, any component that might work correctly from, for example, Microsoft® Visual Basic® might not work correctly from IIS 5.0, if the component expects a user interface.
• IIS 5.0 might be running under a different user account than the logged-on user, and thus might not have access to the same registry settings. A common example of this is Open Database Connectivity (ODBC) Data Source Names (DSNs); by default these are set per user. To make DSNs work with IIS 5.0, they should be System DSNs.

© 1997-1999 Microsoft Corporation. All rights reserved.