A folder with WRITE permission for a Windows service and only READ permission for other applications

Question

A folder with WRITE permission for a Windows service and only READ permission for other applications

I want to write some files from a Windows service and be able to read them from other applications. But I do not want other applications to be able to write to this folder.

Is there a standard folder for this (for example, is there application data for storing data that does not need to be read from other applications)?

+4

c # .net windows-services appdata

ispiro Feb 06 '18 at 11:55

source share

1 answer

Rainer Schaack · Accepted Answer · 2018-02-06T23:22:30+0000

It is important to consider that Windows sets permissions to read and write files based on the user (or the group of which he is a member) and ACL entries in the file system. Thus, "preventing other applications from writing to this folder" really "other applications that run as a regular user."

You can place the service in a directory under

C:\Program Files,

eg.

C:\Program Files\CompanyName\ServiceInstallDir

If the service runs under the local SYSTEM account, it has permission to write to this folder. And ordinary users have read-only access.

But keep in mind that this is not bulletproof, and you never know if someone with administrator rights will change the permissions on your folder after installation.

, (, Active Directory ).

, " " Windows, SYSTEM , .

( Active Directory) , .

, " " ( AD).

: - () Restore Privileges, ACL.

:

SYSTEM , , .

eryksun (. ) !

. https://blogs.technet.microsoft.com/voy/2007/03/22/per-service-sid/

, .

A folder with WRITE permission for a Windows service and only READ permission for other applications

More articles: