CA Access Control lets you protect Windows services. A Windows service is a program that runs in the background on Windows, and is the Windows equivalent of a daemon on UNIX.
The CA Access Control Windows service protection intercepts service access events that originate from one of the following:
CA Access Control intercepts the services.exe process for each service access. This includes starting or stopping a service. For example, net start service, net stop service, and so on, are all protected.
Intercepted events in this case are audited using the protected service's name.
CA Access Control intercepts registry calls to the service control management database to protect against service state queries or changes. This means that CA Access Control automatically protects the registry areas that are associated with the protected service. Effectively, CA Access Control protects the following registry keys when you define service protection:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\service_name
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\service_name\*
Intercepted events in this case are audited using the full registry path.
You protect a Windows service in the same way as you protect other resources, that is, by assigning a resource to the service and adding accessors to the resource's access control lists. The resource class for a Windows service is WINSERVICE. A WINSERVICE resource has two access control lists: an ACL and an NACL. Valid access types for an entry in a WINSERVICE access control list are:
Copyright © 2012 CA. All rights reserved.