"security key"

hello,

hello, in this example, how we calculate this key ? is it once per
software ?


reg add "\\%CPNAM%\HKLM\SYSTEM\CurrentControlSet\Services\ OpenSSHd
\Security" /v Security /t REG_BINARY /d
"01001480C0000000CC0000001400000034000000020020000 100000002801800FF010F00010100000000000100000000200 2000002008C0005000000000018008D0102000101000000000 001000000007200760000001C00FD010200010200000000000 520000000230200007300760000001C00FF010F00010200000 000000520000000200200007300760000001C00FF010F00010 200000000000520000000250200007300760000001800FD010 20001010000000000051200000025020000010100000000000 512000000010100000000000512000000" /
f
::###

"sebastien@willemijns.com" <sebastien@willemijns.com> writes:

> hello, in this example, how we calculate this key ? is it once per
> software ?
>
>
> reg add "\\%CPNAM%\HKLM\SYSTEM\CurrentControlSet\Services\ OpenSSHd\Security"
> /v Security /t REG_BINARY /d
> "01001480C0000000CC0000001400000034000000020020000 100000002801800FF010F00010100000000000100000000200 2000002008C0005000000000018008D0102000101000000000 001000000007200760000001C00FD010200010200000000000 520000000230200007300760000001C00FF010F00010200000 000000520000000200200007300760000001C00FF010F00010 200000000000520000000250200007300760000001800FD010 20001010000000000051200000025020000010100000000000 512000000010100000000000512000000"
> /f

That controls which users can e.g. start and stop the service.
Often you can leave this out and let Windows use its defaults.
IIRC, the value is formatted as a self-relative security
descriptor. However the documented way of setting it is with
the SetServiceObjectSecurity function, rather than by writing
directly to the Registry.

* Service Security and Access Rights
http://msdn.microsoft.com/library/ms685981.aspx
Lists the rights you can grant here, and the defaults.

* Modifying the DACL for a Service
http://msdn.microsoft.com/library/ms684215.aspx
An example about SetServiceObjectSecurity.

* ConvertSecurityDescriptorToStringSecurityDescripto r Function
http://msdn.microsoft.com/library/aa376397.aspx
Converts a security descriptor to a string that is easier to
understand than the hexadecimal numbers.

* !sd
http://msdn.microsoft.com/library/cc266947.aspx
A debugger extension command to display a security descriptor.
Saves you from having to write your own program for this.

* Permission Element
http://wix.sourceforge.net/manual-wi...permission.htm
Windows Installer does not itself support setting access control
lists for services, but WiX has custom actions for that.

Note, you should be careful about granting SERVICE_CHANGE_CONFIG.
A user with this access right can change the service to run a
program of his/her choosing, and also to execute with LocalSystem
permissions and all privileges. So when the service next starts,
he/she would then have unlimited access to the computer.

Followups set to microsoft.public.platformsdk.security.