An application I am writing runs as a service on Windows Server 2008 and 2003 both 32 and 64 bit versions as well as on Windows 7 and Vista. I am trying to protect tampering of my application's registry entries by normal users and administrators alike and I use ACLs to achieve this.
So far I have been able to protect any tampering by normal users SID: S-1-5-32-545
What I would like to achieve is to allow Administrators(SID: S-1-3-0) the right to create the registry entries since the service is initially installed by an Administrator but disallow Administrators from either modifying or deleting any of the entries thereafter.
I understand Windows Vista has the Owner Rights SID which does not give an Administrator explicit rights to modify DACLs or ownership but I don't think I can use this.
admins have the privilege to change the owner - you will not be able to change that.
If an admin cannot be trusted, don't make him an admin.
You can only use auditing to monitor changes/deletions.
When you try to share a printer , you may receive one of the following error messages.
Error message when you use the Add Printer Wizard to share a printer:
Windows could not share your printer. Operation could not be completed (Error 0x000006…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…