Give webservice access to windows service - security

I am running a webservice on server 2008 that needs access to a windows service and I need to give access to [the user that the web service is running as] via the command line.
(sorry if my wording is terrible, hopefully the brackets helped?).
I know there is a utility available with the windows 2000 resource kit (SUBINACL.exe), but is there one available in server 08 that doesn't require downloading a resource kit?
Thanks.

For everyone else wondering how to do this...
Microsoft offers a utility available for download called Subinacl.exe that allows you to do just this.
subinacl.exe /service <serviceName> /grant=Domain\AccountName=<AccessType>
For info on the different access types and on the utility in general...
subinacl.exe /help /full

Related

Can I deploy an application using OpenLDAP on Linux server to Windows client?

Is it possible to deploy installers (for example Chrome browser .exe file) to install on Windows client computers across all office buildings using OpenLDAP? The OpenLDAP is installed on CentOS 8. If it is not possible can Active Directory Help Me?
Why would you use a directory service to store binary files? This might be possible but it's a terrible idea.
Active Directory is a broad suite of tools. AD Domain Services is basically the OpenLDAP equivalent https://social.technet.microsoft.com/wiki/contents/articles/699.active-directory-domain-services-ad-ds-overview.aspx and doesn't do what you want
AD GP (Group Policy) allows you to push software https://learn.microsoft.com/en-us/troubleshoot/windows-server/group-policy/use-group-policy-to-install-software but if you're only using it to push a Chrome installer, it's overkill to set it all up. It does work though!
You can also use SCCM (oh I guess it's called MECM now, haven't touched it in a hot minute).

CIS hardening script for windows 2016 server in GCP

I want to perform hardening in my Windows server 2016 which is hosted under a GCP account. Anyone has any Ansible or other scripts to perform CIS hardening level on the above spec?
Actually, I'm a newbie in this area and your recommendation would be grateful.
Awaiting expert commands?
Take a look at this Github posts, seems to be what you are looking for. HardeningKitty and Windows 10 Hardening. Even though the titel says windows 10, in the article there's a full list of "supported" systems including Windows Server 2016.

run sharepoint powershell from c# on another PC?

If the C# application is on the same server as sharepoint, I know we can use RunSpace to run the pwoershell script, but what if the C# app. and sharepoint server are on different PCs?
Is this possible?
thanks
yes, its possible, though messy. In Powershell 2.0+, there's a feature called remote powershell, so you can effectively, via c# code, send Powershell commands to your local powershell instance, and use that to log into the remote instance.
A slightly less insane idea would be to simply create a web service on the remote machine, and have that run the remote powershell commands, from the web service.
And even less crazy idea is just to write a web service, and have that run code on the remote server. : )
Good luck!
If you are administrator on the remote box, you can try combining PsExec and PowerShell.

How do I debug a Worker Role using Remote Desktop with Windows Azure?

I now have my Windows Azure environment set up so that I can access my Worker Role with Remote Desktop. However, I'm not sure how to proceed at the moment. After much digging I found a web site that was offline but in Google's cache there was mention of attaching to the Worker Role running in the Azure Cloud from the Visual Studio debugger. But I only have Visual Developer (not studio) 2010 and I have searched all over and as far as I can see there is no such option to attach to a remote server. I am able to publish my project to the Azure Cloud without error and I have a "healthy" instance of my Worker Role showing as active and running.
I did connect with RDP through the Azure Management portal. The login worked fine and up came the remote desktop window. I searched through much of what I could find and was unable to find my Worker Role. I must have the wrong impression of RDP, because I had hoped to see the Worker Role's main display form when I logged in, just like I do when I debug it locally in the Cloud Emulator. But instead all I saw was a blank desktop with some base level server inspection and management routines. I even checked the Event Viewer for Application related messages and saw none.
So now I'm stuck wondering if my Worker Role is actually running or not, despite the seemingly positive status messages from the Management Portal, and I still want to attach to my Worker Role for debugging through Visual Developer, if it's possible, but I am unable to figure out how.
Anyone with experience in this area that can give me some solid tips on what to do next, please respond.
UPDATE: I believe my worker role may be running because I opened a command window and did a Netstat and saw it listening on the correct port. However, that may just be my Worker Role shell class that starts the custom EXE I have it launch as a spawned proces. I still haven't confirmed if my custom EXE is running yet.
UPDATE-2: Just ran TaskList from a command window and the custom EXE is listed.
UPDATE-3: Everything is working as I just ran a remote test of the service so that's not a problem. Still want to know how to attach to the Worker Role from Visual Developer 2010 for remote debugging, and if it's possible to see the custom EXE's display form like I do when doing local debugging in the Cloud Emulator.
-- roschler
There is a set of articles here which goes in length on how to set up for remote debugging in Azure:
http://blogs.u2u.be/peter/post/2011/06/21/Remote-debugging-an-Azure-Worker-role-using-Azure-Connect-Remote-desktop-and-the-remote-debugger.aspx
http://blogs.u2u.be/peter/post/2011/06/24/Remote-debugging-an-Azure-worker-role-using-Azure-Connect-remote-desktop-and-remote-debugger-part-2.aspx
http://blogs.u2u.be/peter/post/2011/06/26/Remote-debugging-a-Windows-Azure-Worker-Role-using-Azure-Connect-Remote-desktop-and-the-remote-debugger-part-3.aspx
The key takeaway is that you don't need to actually install Visual Studio on Azure, you only need to copy the Remote Debugger bits and then use Azure Connect to add your developer machine to the Virtual Network.
You can setup Remote Debugging with Visual Studio 2012
http://code.msdn.microsoft.com/Remote-Debugging-Windows-dedaaec9
When you say:
But instead all I saw was a blank desktop with some base level server inspection and management routines.
this is exactly what you get with an Azure VM. It's a basic OS install, plus the bare minimum of Azure stuff it needs to run and the code you've uploaded. There's no fancy monitoring or health checks available on the machine by default, you're expected to have provided those yourself to have them available without having to RDP into the machine to check on it.
RDP is very good for tracking down certain problems, like checking that a startup task will run, checking which directories items are installed in and just generally being nosey. If you need extra tools to track down a problem, you can just install them while you're connected to the server. For example I have RDPed into a server and installed the Microsoft Debugging Tools, to track down a memory issue.
I suppose you could remote into your VM, install Visual Studio there, and debug the process...
I also suppose it might be possible to enable remote debugging (not sure what's involved there, but such a thing exists, and it works over TCP) and debug from a local instance of Visual Studio.
To my knowledge, neither is commonly done.
Based on other answers, you would be better off writing a log file to a local storage. You can read the file from RDP if you reallyhace to. Keep in mind, debugging on Azure isn't really simple, and rightly so.
What I was thinking though was, maybe you could run the process using the user's credentials. I can't verify at the moment, but you have a better shot of seeing the ui when you rdp.

Setup Project - Allow multiple installation of the same Windows Service

I have a question regarding to Setup Projects in .Net (c# language, Framework 4.0):
I made a setup project for a Windows Service, on the installation wizard, the user must input the name of the Windows Service as it would be installed. The setup program also creates a shortcut to the Uninstall program in case the user wants to remove that Windows Service.
The question is: how to let the user run the same setup program several times specifing different service name?
This behaviour could be required because the windows service is a socket consumer that connects to a server and retrieves data; to take advantage of the server capabilities the user could install the same windows service multiple times pointing to a different port on the server, to perform the data retrieving task much faster. The service is the same, the user just modify the port on the configuration file of the service, so that's why it's not logical to create a new version of the installer each time.
Any clue or suggestion would be appreciated, thanks in advance.
This can be done by using an multiple instances installation. The general approach is:
create a transform for each instance you want available to the user
use a custom EXE bootstrapper which applies a new transform to your MSI package each time a new instance is installed
The transform should change at least the PackageCode, ProductCode and UpgradeCode.
This is not supported by Visual Studio setup projects. So either you do it manually or use a commercial setup authoring tool which supports multiple instances.

Resources