I'm trying to restrict remote access to the Service Control Manager on a Windows box in order to forbid a local admin to remotely manage the services. Indeed, with such an access, it's possible to restart services that where disabled for security reasons, like remote registry access, or to install remotely new services.
(See http://www.hsc.fr/ressources/articles/win_net_srv/ch04s07s09.html for the available operations)
Using the pipeaclui from bindview, I guess it's possible to define ACL that deny any access but it is said that "Anytime a named pipe is restarted (or a system reboot), the changes made using pipeaclui will be discarded and the defaults of whatever started the named pipe will be used".
http://www.bindview.com/Services/RAZOR/Utilities/Windows/pipeacltools1_0.cfm
So, I'm wondering if someone known how to stop definitively this feature.
Thanks,
Geof
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
