客户端通过wcf来启动或者停止服务器上的windows service

1.设置服务器上的windows service的security，下面的命令只能用cmd.exe来运行(以管理员模式)

sc sdset "LISA_43_Dev_Batch" "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;RPWPCR;;;NS)"

 

2.服务器上的wcf托管在IIS上，设置application pool的identity为NetworkService

 

https://serverfault.com/questions/645776/how-to-reset-service-permissions-after-messing-up-with-sc-sdset

https://blogs.msmvps.com/erikr/2007/09/26/set-permissions-on-a-specific-service-windows/ 

Lets look at another example:
(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)

A – Allow
CC – SERVICE_QUERY_CONFIG – ask the SCM for the service’s current configuration
DC – Delete All Child Objects
LC – SERVICE_QUERY_STATUS – ask the SCM for the service’s current status
SW – SERVICE_ENUMERATE_DEPENDENTS – list dependent services
RP – Read all properites
WP – SERVICE_STOP – stop the service
DT – SERVICE_PAUSE_CONTINUE – pause / continue the service
LO – SERVICE_INTERROGATE – ask the service its current status
CR – SERVICE_USER_DEFINED_CONTROL – send a service control defined by the service’s authors
SD – Delete
RC – READ_CONTROL – read the security descriptor on this service.
WD – Modify permissions
WO – Modify owner
BA- Built-in administrators

Wow-that wasn’t simple,not to mention somewhat boring…

 

作者:Chuck Lu    GitHub