ToHec
asked on
Need to change Windows Station (winsta0) ACLs
Dear Experts,
I have downloaded a Windows Station/Desktop DACL editor.
The program shows the DACLs (winstadacl.exe). There are two users listed as "Unknown" and RESTRICTED.
Unknown should be a deleted user, or a kind of user that was created during Windows startup and window station creation and then deleted. I guess so because I couldn't find any reference to its SID in the registry. I also don't know exactly who RESTRICTED is. Could you help me to understand more about who is included as RESTRICTED? Do you know about users that XP creates and deletes for any reason?
I am programming software that will run as a service and needs to interact with the desktop, and I would like to understand what is happening behind the curtain in order not to leave security holes.
Thank you in advance.
Hector.
Restricted sometimes refers to standard users (e.g. a basic user account). I suppose it depends on the specifics of the tool you are using what this may indeed mean.
ASKER
gidds99,
I have created a new Windows Station using CreateWindowStation.
HWINSTA hwinsta = CreateWindowStation(L"Winsta Test", 0, READ_CONTROL, NULL);
Immediately after, I reviewed the ACL using CreateSecurityPage, and the new Windows Station inherits ACEs for users RESTRICTED and EVERYONE.
Microsoft says:
SID: S-1-5-12
Name: Restricted Code (código restringido)
This SID is reserved for future use.
Regards.
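An added example, not part of the original thread and not the DACL editor's own code: decoding the binary SID stored in an ACE and classifying its string form helps tell apart the cases raised above when a viewer prints "Unknown". A per-logon-session SID (S-1-5-5-X-Y) has no account name to resolve to, and an account SID (S-1-5-21-...) stops resolving once the account is deleted. The sample SID bytes and the `make_sid` helper are constructed for illustration.

```python
import struct

# Well-known SIDs from Microsoft's published list; S-1-5-12 is the one
# quoted in the thread.
WELL_KNOWN = {
    "S-1-1-0": "Everyone",
    "S-1-5-12": "RESTRICTED",
    "S-1-5-18": "Local System",
}

def decode_sid(raw: bytes) -> str:
    """Convert a binary SID (as stored in an ACE) to its S-R-I-S... string."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its fixed 8-byte header")
    revision, count = raw[0], raw[1]
    if revision != 1 or count > 15:
        raise ValueError("not a revision-1 SID")
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])    # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def classify(sid: str) -> str:
    """Say what kind of principal a SID string denotes."""
    if sid in WELL_KNOWN:
        return WELL_KNOWN[sid]
    parts = sid.split("-")
    # S-1-5-5-X-Y identifies one logon session; no account name exists for it.
    if parts[:4] == ["S", "1", "5", "5"] and len(parts) == 6:
        return "logon session SID (no account name)"
    # S-1-5-21-a-b-c-RID is a local or domain account.
    if parts[:4] == ["S", "1", "5", "21"] and len(parts) == 8:
        return "account SID, RID %s (unresolved if the account was deleted)" % parts[-1]
    return "unrecognised"

def make_sid(authority: int, *subs: int) -> bytes:
    """Hypothetical helper: build a binary SID for the constructed samples."""
    return (bytes([1, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

# Constructed sample input: Everyone, RESTRICTED, and a made-up logon SID.
SAMPLES = [make_sid(1, 0), make_sid(5, 12), make_sid(5, 5, 0, 0x1A2B3C)]

if __name__ == "__main__":
    for raw in SAMPLES:
        sid = decode_sid(raw)
        print(sid, "->", classify(sid))
```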