Export (0) Print
Expand All

SERVICE_SID_INFO structure

Represents a service security identifier (SID).

Syntax


typedef struct _SERVICE_SID_INFO {
  DWORD dwServiceSidType;
} SERVICE_SID_INFO, *LPSERVICE_SID_INFO;

Members

dwServiceSidType

The service SID type.

ValueMeaning
SERVICE_SID_TYPE_NONE
0x00000000

Use this type to reduce application compatibility issues.

SERVICE_SID_TYPE_RESTRICTED
0x00000003

This type includes SERVICE_SID_TYPE_UNRESTRICTED. The service SID is also added to the restricted SID list of the process token. Three additional SIDs are also added to the restricted SID list:

  • World SID S-1-1-0
  • Service logon SID
  • Write-restricted SID S-1-5-33

One ACE that allows GENERIC_ALL access for the service logon SID is also added to the service process token object.

If there are multiple services hosted in the same process and one service has SERVICE_SID_TYPE_RESTRICTED, all services must have SERVICE_SID_TYPE_RESTRICTED.

SERVICE_SID_TYPE_UNRESTRICTED
0x00000001

When the service process is created, the service SID is added to the service process token with the following attributes: SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_OWNER.

 

Remarks

The change takes effect the next time the system is started.

The SCM adds the specified service SIDs to the process token, plus the following additional SIDs.

SIDAttributes
Logon SIDSE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_LOGON_ID | SE_GROUP_MANDATORY
Local SIDSE_GROUP_MANDATORY | SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT

 

This enables developers to control access to the objects a service uses, instead of relying on the use of the LocalSystem account to obtain access.

Use the LookupAccountName and LookupAccountSid functions to convert between a service name and a service SID. The account name is of the following form:

NT SERVICE\SvcName

Note that NT SERVICE is the domain name.

Requirements

Minimum supported client

Windows Vista [desktop apps only]

Minimum supported server

Windows Server 2008 [desktop apps only]

Header

Winsvc.h (include Windows.h)

See also

ChangeServiceConfig2
QueryServiceConfig2

 

 

Community Additions

ADD
Show:
© 2014 Microsoft