Endpoint Administration Guide for Windows › Managing Resources › Windows Services Protection › Protect a Windows Service
Protect a Windows Service
You can protect a Windows Service and so provide additional protection to Windows operations.
To protect a Windows Service
- Ensure you have enabled Windows services protection.
- Ensure the WINSERVICE class is active An active class is one for which CA ControlMinder checks authorization whenever there is an access attempt on a resource in that class. If the class is inactive, access is permitted without any CA ControlMinder checks. You can manually set the state of a resource class to be active or inactive. . (It is active by default.)
- Create a WINSERVICE record in CA ControlMinder, with the same name as the Windows service you want to protect.
Note: The Windows service name is shown on the General tab of the Windows service properties dialog, but is not the same as the "display name" on that tab.
- Assign the accessors and their access authorization to the service.
The service is now protected.
Example: Restrict Access to the Print Spooler
On Windows the print spooler has the service name spooler. The following selang commands ensure the WINSERVICE class is active and sets the default access to the spooler to read.
setoptions class+(WINSERVICE)
editres WINSERVICE(spooler) defacc(R)
Copyright © 2013 CA Technologies.
All rights reserved.
|
|