This is the mail archive of the
cygwin-developers@cygwin.com
mailing list for the Cygwin project.
Re: Windows server 2003
- From: Corinna Vinschen <vinschen at redhat dot com>
- To: cygwin-developers at cygwin dot com
- Date: Wed, 9 Apr 2003 15:23:15 +0200
- Subject: Re: Windows server 2003
- References: <3E941A25.F7555F6B@ieee.org>
- Reply-to: cygwin-developers at cygwin dot com
On Wed, Apr 09, 2003 at 09:03:33AM -0400, Pierre A. Humblet wrote:
> Corinna,
>
> have you seen the thread
> <http://cygwin.com/ml/cygwin/2003-04/msg00460.html>
>
> It appears that Windows Server 2003 does not give the
> CreateToken privilege to the local system account.

Sounds weird.

> That's perhaps because security has been tightened on that box, see
> <http://www.entmag.com/news/article.asp?EditorialsID=5691>
> <http://www.microsoft.com/windowsserver2003/techinfo/serverroles/appserver/secplat.mspx>
> and two new special accounts are present by default.

These two accounts aren't actually new. XP already introduced them,
called "Local Service" (S-1-5-19) and "Network Service" (S-1-5-20).
However, the sense of all that was originally that these two accounts
are using lower privileges than the SYSTEM account has. So the rule
is to start a service under the appropriate one of these two accounts
instead of under SYSTEM if possible.

I didn't find a word about SYSTEM having fewer rights than before in the
above papers. I don't see how that should work and somehow I can't see
a sense in that change. I'll test that as soon as I get my hands on a
final 2003 Server version.

> Although I have been unable to find much, this issue will
> eventually need to be documented and to have a recommended
> solution. There must be a control panel or wizard somewhere.

There are "{Local/Domain/Domain Controller} Security Policy" MMC snap-ins
available since W2K.

Corinna

--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin at cygwin dot com
Red Hat, Inc.