Local System、Local Service與Network Service
CreateService参数介绍
SC_HANDLE CreateService(
SC_HANDLE hSCManager, //服务控制管理程序维护的登记数据库的句柄,由系统函数OpenSCManager 返回
LPCTSTR lpServiceName, //以NULL 结尾的服务名,用于创建登记数据库中的关键字
LPCTSTR lpDisplayName, //以NULL 结尾的服务名,用于用户界面标识服务
DWORD dwDesiredAccess, //指定服务返回类型
DWORD dwServiceType, //指定服务类型
DWORD dwStartType, //指定何时启动服务
DWORD dwErrorControl, //指定服务启动失败的严重程度
LPCTSTR lpBinaryPathName, //指定服务程序二进制文件的路径
LPCTSTR lpLoadOrderGroup, //指定顺序装入的服务组名
LPDWORD lpdwTagId, //忽略,NULL
LPCTSTR lpDependencies, //指定启动该服务前必须先启动的服务或服务组
LPCTSTR lpServiceStartName, //以NULL 结尾的字符串,指定服务帐号。如是NULL,则表示使用LocalSystem 帐号
LPCTSTR lpPassword //以NULL 结尾的字符串,指定对应的口令。为NULL表示无口令。但使用LocalSystem时填NULL
);
其中dwStartType取值类型如下:
共有五种启动类型。前三种类型是:SERVICE_AUTO_START、SERVICE_DISABLED 和 SERVICE_DEMAND_START。对应的标准启动类型:自动、禁用和手动,通常使用“计算机管理”管理工具中的“服务”进行配置。后两种类型是:SERVICE_BOOT_START 和 SERVICE_SYSTEM_START,通常用于配置加载设备驱动程序的方式。例如,在启动计算机时或启动 Windows 2000 时加载。
CreateService function
Creates a service object and adds it to the specified service control manager database.
Syntax
SC_HANDLE WINAPI CreateService(
_In_ SC_HANDLE hSCManager,
_In_ LPCTSTR lpServiceName,
_In_opt_ LPCTSTR lpDisplayName,
_In_ DWORD dwDesiredAccess,
_In_ DWORD dwServiceType,
_In_ DWORD dwStartType,
_In_ DWORD dwErrorControl,
_In_opt_ LPCTSTR lpBinaryPathName,
_In_opt_ LPCTSTR lpLoadOrderGroup,
_Out_opt_ LPDWORD lpdwTagId,
_In_opt_ LPCTSTR lpDependencies,
_In_opt_ LPCTSTR lpServiceStartName,
_In_opt_ LPCTSTR lpPassword
);
Parameters
- hSCManager [in]
-
A handle to the service control manager database. This handle is returned by the OpenSCManager function and must have theSC_MANAGER_CREATE_SERVICE access right. For more information, see Service Security and Access Rights.
- lpServiceName [in]
-
The name of the service to install. The maximum string length is 256 characters. The service control manager database preserves the case of the characters, but service name comparisons are always case insensitive. Forward-slash (/) and backslash (\) are not valid service name characters.
- lpDisplayName [in, optional]
-
The display name to be used by user interface programs to identify the service. This string has a maximum length of 256 characters. The name is case-preserved in the service control manager. Display name comparisons are always case-insensitive.
- dwDesiredAccess [in]
-
The access to the service. Before granting the requested access, the system checks the access token of the calling process. For a list of values, see Service Security and Access Rights.
- dwServiceType [in]
-
The service type. This parameter can be one of the following values.
Value Meaning - SERVICE_ADAPTER
- 0x00000004
Reserved.
- SERVICE_FILE_SYSTEM_DRIVER
- 0x00000002
File system driver service.
- SERVICE_KERNEL_DRIVER
- 0x00000001
Driver service.
- SERVICE_RECOGNIZER_DRIVER
- 0x00000008
Reserved.
- SERVICE_WIN32_OWN_PROCESS
- 0x00000010
Service that runs in its own process.
- SERVICE_WIN32_SHARE_PROCESS
- 0x00000020
Service that shares a process with one or more other services. For more information, see Service Programs.
If you specify either SERVICE_WIN32_OWN_PROCESS or SERVICE_WIN32_SHARE_PROCESS, and the service is running in the context of the LocalSystem account, you can also specify the following value.
Value Meaning - SERVICE_INTERACTIVE_PROCESS
- 0x00000100
The service can interact with the desktop.
For more information, see Interactive Services.
- dwStartType [in]
-
The service start options. This parameter can be one of the following values.
Value Meaning - SERVICE_AUTO_START
- 0x00000002
A service started automatically by the service control manager during system startup. For more information, see Automatically Starting Services.
- SERVICE_BOOT_START
- 0x00000000
A device driver started by the system loader. This value is valid only for driver services.
- SERVICE_DEMAND_START
- 0x00000003
A service started by the service control manager when a process calls the StartService function. For more information, seeStarting Services on Demand.
- SERVICE_DISABLED
- 0x00000004
A service that cannot be started. Attempts to start the service result in the error code ERROR_SERVICE_DISABLED.
- SERVICE_SYSTEM_START
- 0x00000001
A device driver started by the IoInitSystem function. This value is valid only for driver services.
- dwErrorControl [in]
-
The severity of the error, and action taken, if this service fails to start. This parameter can be one of the following values.
Value Meaning - SERVICE_ERROR_CRITICAL
- 0x00000003
The startup program logs the error in the event log, if possible. If the last-known-good configuration is being started, the startup operation fails. Otherwise, the system is restarted with the last-known good configuration.
- SERVICE_ERROR_IGNORE
- 0x00000000
The startup program ignores the error and continues the startup operation.
- SERVICE_ERROR_NORMAL
- 0x00000001
The startup program logs the error in the event log but continues the startup operation.
- SERVICE_ERROR_SEVERE
- 0x00000002
The startup program logs the error in the event log. If the last-known-good configuration is being started, the startup operation continues. Otherwise, the system is restarted with the last-known-good configuration.
- lpBinaryPathName [in, optional]
-
The fully qualified path to the service binary file. If the path contains a space, it must be quoted so that it is correctly interpreted. For example, "d:\\my share\\myservice.exe" should be specified as "\"d:\\my share\\myservice.exe\"".
The path can also include arguments for an auto-start service. For example, "d:\\myshare\\myservice.exe arg1 arg2". These arguments are passed to the service entry point (typically the main function).
If you specify a path on another computer, the share must be accessible by the computer account of the local computer because this is the security context used in the remote call. However, this requirement allows any potential vulnerabilities in the remote computer to affect the local computer. Therefore, it is best to use a local file.
- lpLoadOrderGroup [in, optional]
-
The names of the load ordering group of which this service is a member. Specify NULL or an empty string if the service does not belong to a group.
The startup program uses load ordering groups to load groups of services in a specified order with respect to the other groups. The list of load ordering groups is contained in the following registry value:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ServiceGroupOrder
- lpdwTagId [out, optional]
-
A pointer to a variable that receives a tag value that is unique in the group specified in the lpLoadOrderGroup parameter. Specify NULL if you are not changing the existing tag.
You can use a tag for ordering service startup within a load ordering group by specifying a tag order vector in the following registry value:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\GroupOrderList
Tags are only evaluated for driver services that have SERVICE_BOOT_START or SERVICE_SYSTEM_START start types.
- lpDependencies [in, optional]
-
A pointer to a double null-terminated array of null-separated names of services or load ordering groups that the system must start before this service. Specify NULL or an empty string if the service has no dependencies. Dependency on a group means that this service can run if at least one member of the group is running after an attempt to start all members of the group.
You must prefix group names with SC_GROUP_IDENTIFIER so that they can be distinguished from a service name, because services and service groups share the same name space.
- lpServiceStartName [in, optional]
-
The name of the account under which the service should run. If the service type is SERVICE_WIN32_OWN_PROCESS, use an account name in the formDomainName\UserName. The service process will be logged on as this user. If the account belongs to the built-in domain, you can specify .\UserName.
If this parameter is NULL, CreateService uses the LocalSystem account. If the service type specifies SERVICE_INTERACTIVE_PROCESS, the service must run in the LocalSystem account.
If this parameter is NT AUTHORITY\LocalService, CreateService uses the LocalService account. If the parameter is NT AUTHORITY\NetworkService,CreateService uses the NetworkService account.
A shared process can run as any user.
If the service type is SERVICE_KERNEL_DRIVER or SERVICE_FILE_SYSTEM_DRIVER, the name is the driver object name that the system uses to load the device driver. Specify NULL if the driver is to use a default object name created by the I/O system.
A service can be configured to use a managed account or a virtual account. If the service is configured to use a managed service account, the name is the managed service account name. If the service is configured to use a virtual account, specify the name as NT SERVICE\ServiceName. For more information about managed service accounts and virtual accounts, see the Service Accounts Step-by-Step Guide.
Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: Managed service accounts and virtual accounts are not supported until Windows 7 and Windows Server 2008 R2.
- lpPassword [in, optional]
-
The password to the account name specified by the lpServiceStartName parameter. Specify an empty string if the account has no password or if the service runs in the LocalService, NetworkService, or LocalSystem account. For more information, see Service Record List.
If the account name specified by the lpServiceStartName parameter is the name of a managed service account or virtual account name, the lpPasswordparameter must be NULL.
Passwords are ignored for driver services.
Return value
If the function succeeds, the return value is a handle to the service.
If the function fails, the return value is NULL. To get extended error information, call GetLastError.
The following error codes can be set by the service control manager. Other error codes can be set by the registry functions that are called by the service control manager.
Return code | Description |
---|---|
|
The handle to the SCM database does not have the SC_MANAGER_CREATE_SERVICE access right. |
|
A circular service dependency was specified. |
|
The display name already exists in the service control manager database either as a service name or as another display name. |
|
The handle to the specified service control manager database is invalid. |
|
The specified service name is invalid. |
|
A parameter that was specified is invalid. |
|
The user account name specified in the lpServiceStartName parameter does not exist. |
|
The specified service already exists in this database. |
|
The specified service already exists in this database and has been marked for deletion. |
Remarks
The CreateService function creates a service object and installs it in the service control manager database by creating a key with the same name as the service under the following registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
Information specified by CreateService, ChangeServiceConfig, and ChangeServiceConfig2 is saved as values under this key. The following are examples of values stored for a service.
Value | Description |
---|---|
DependOnGroup | Load-ordering groups on which this service depends, as specified by lpDependencies. |
DependOnService | Services on which this service depends, as specified by lpDependencies. |
Description | Description specified by ChangeServiceConfig2 . |
DisplayName | Display name specified by lpDisplayName. |
ErrorControl | Error control specified by dwErrorControl. |
FailureActions | Failure actions specified by ChangeServiceConfig2 . |
Group | Load ordering group specified by lpLoadOrderGroup. Note that setting this value can override the setting of the DependOnService value. |
ImagePath | Name of binary file, as specified by lpBinaryPathName. |
ObjectName | Account name specified by lpServiceStartName. |
Start | When to start service, as specified by dwStartType. |
Tag | Tag identifier specified by lpdwTagId. |
Type | Service type specified by dwServiceType. |
Setup programs and the service itself can create additional subkeys for service-specific information.
The returned handle is only valid for the process that called CreateService. It can be closed by calling the CloseServiceHandle function.
If you are creating services that share a process, avoid calling functions with process-wide effects, such as ExitProcess. In addition, do not unload your service DLL.
Examples
For an example, see Installing a Service.
Requirements
Minimum supported client |
Windows XP [desktop apps only] |
---|---|
Minimum supported server |
Windows Server 2003 [desktop apps only] |
Header |
|
Library |
|
DLL |
|
Unicode and ANSI names |
CreateServiceW (Unicode) and CreateServiceA (ANSI) |
See also
- ChangeServiceConfig
- ChangeServiceConfig2
- CloseServiceHandle
- ControlService
- DeleteService
- EnumDependentServices
- OpenSCManager
- QueryServiceConfig
- QueryServiceDynamicInformation
- QueryServiceObjectSecurity
- QueryServiceStatusEx
- Service Accounts Step-by-Step Guide
- Service Functions
- Service Installation, Removal, and Enumeration
- SetServiceObjectSecurity
- StartService
Local System、Local Service與Network Service
同事詢問Windows服務執行身分的預設選項:Local System、Local Service、Network Service,權限各有何不同?這問題多年前我彷彿知道答案,如今大腦卻不爭氣地只有殘缺印象,爬文時習之,不亦悅乎。
Local System、Local Service、Network Service都是Windows預先定義的本機帳號,但跟一般帳號不同(LookupAccountName查不到),使用時不需密碼,可用於CreateService或ChangeServiceConfig(密碼隨便給)。
Local System
在本機具備最高權限(使用時務必小心),與BUILTIN\Administrators具備相同權限,可存取本機大部分資源,與遠端主機溝通時則使用該主機電腦帳號(<domain_name>\<computer_name>$) 。做為授權對象時,LocalSystem帳號可寫成NT AUTHORITY\SYSTEM、LocalSystem、<computer name>\LocalSystem。執行時期將使用預設使用者機碼(HKET_USERS\.DEFAULT)。
Local Service
在本機的權限相當於Users群組,目的在減小服務或程序遭入侵的損害範圍,存取遠端資源時使用匿名身分。做為授權對象時,Local Service可寫成NT AUTHORITY\LOCAL SERVICE。Local Service有自已的HKEY_USERS機碼(HKEY_USERS\S-1-5-19)
Network Service
在本機的權限相當於Users群組,旨在控制服務程序遭惡意操控時的損害範圍,對外存取遠端資源時使用該主機電腦帳號(<domain_name>\<computer_name>$)。做為授權對象時,Network Service帳號可寫成NT AUTHORITY\NETWORK SERVICE 。Network Service也有自已的HKEY_USERS機碼(HKEY_USERS\S-1-5-20)
Local System、Local Service與Network Service的更多相关文章
- 关于Local System/Local Service/Network Service账户
部署或安装系统服务时需要指定服务运行的账户.一般地,可选择Local System.Local Service或Network Service账户. Local System/Local Servic ...
- 数据库无法访问,用户 NT AUTHORITY/SYSTEM或NT AUTHORITY\NETWORK SERVICE登录失败的解决办法
问题:win7中的在IIS 7.0中,在 Default Web Site 目录下挂一虚拟目录. 在相应的应用程序池 DefaultAppPool 设置标识设置成NetworkService. 但是打 ...
- 【解决】Failed to restart network.service: Unit network.service not found.
问题:使用systemctl restart network 或 service network restart 命令重启网卡失败. 分析:原因其实也很简单,命令用错了,造成了找不到相应的网卡服务. ...
- (转)内置系统账户:Local system/Network service/Local Service 区别
最近会转载一些 MSSQL 基础相关的文章. 参考文献: http://www.cnblogs.com/xianspace/archive/2009/04/05/1429835.html 前言 今天在 ...
- [转帖]内置系统账户:Local system/Network service/Local Service 区别
内置系统账户:Local system/Network service/Local Service 区别 学习使用 xp_cmdshell 的时候 发现必须 sqlserver 的服务运行在local ...
- 内置系统账户:Local system/Network service/Local Service 区别
参考文献: http://www.cnblogs.com/xianspace/archive/2009/04/05/1429835.html 前言 今天在安装sqlserver2008 r2的时候,在 ...
- Local System/Network Service/Local Service
// The name of the account under which the service should run// 1 NT AUTHORITY\\SYSTEM 2 NT AUTHORIT ...
- Windows内置系统账户:Local system/Network service/Local Service 区别
LocalSystem 账户 LocalSystem是预设的拥有本机所有权限的本地账户,这个账户跟通常的用户账户没有任何关联,也没有用户名和密码之类的凭证.这个服务账户可以打开注册表的HKEY_LO ...
- Residential Gateway System for Home Network Service
Disclosed herein is a Residential Gateway (RG) system for home network service. The RG system receiv ...
随机推荐
- golang中channel的超时处理
并发中超时处理是必不可少的,golang没有提供直接的超时处理机制,但可以利用select机制来解决超时问题. func timeoutFunc() { //首先,实现并执行一个匿名的超时等待函数 t ...
- iOS应用内支付(内购)的个人开发过程及坑!
本文会给大家详细介绍iOS内购,这是本人16年5月底的开发过程,希望对看完此篇文章的人有所帮助. 本文基于XcodeVersion 7.3 (7D175)版本,手机是iPhone 6,9.3系统. 部 ...
- Java笔试题二:读程序
public class SopResult { public static void main(String[] args) { int i = 4; System.out.println(&quo ...
- Windows Azure上的Odoo(OpenERP)
OpenERP 改名为 Odoo 了,感觉名字怪怪的.Windows Azure也进入国内了,学习了一段时间的Azure,把它门结合在一起搞搞吧!本系列文章不涉及开发,纯属环境搭建及Odoo 系统功能 ...
- display:inline、block、inline-block的区别(转)
display:block就是将元素显示为块级元素. block元素的特点是: 总是在新行上开始: 高度,行高以及顶和底边距都可控制: 宽度缺省是它的容器的100%,除非设定一个宽度 <div& ...
- Linq101-Quantifiers
using System; using System.Collections.Generic; using System.Linq; namespace Linq101 { class Quantif ...
- ASP.NET生成压缩文件(rar打包)
首先引用ICSharpCode.SharpZipLib.dll,没有在这里下载:http://files.cnblogs.com/files/cang12138/ICSharpCode.SharpZi ...
- JavaScript--Date函数
1. Date函数 var now = new Date(); 获取当前日期对象 now对象->Date.prototype->Object.prototype 将一个字符串转换为Date ...
- js apply
1.作用 函数的apply方法的作用与call方法类似,也是改变this指向,然后再调用该函数.唯一的区别就是,它接收一个数组作为函数执行时的参数 Fn.apply(obj, [arg1, arg2, ...
- 跟我学android-Android应用结构分析(四)
自动生成的R.java文件说明 public final class R { public static final class attr { } public static final class ...