IServiceObjectSecurity Interface

Inherited from

IDispatch

IUnknown

Applies to Objects

ObjectSecurity

The IServiceObjectSecurity interface is useful for security management on Windows services.

You can use the methods of IServiceObjectSecurity to grant permissions to users or groups to manage services, view the status of services running on a Windows computer, and so on. You can also revoke permissions for some users to view service status so that only authorized users can do such operations.

By default, Windows grants permissions to view service details to "Everyone". This implies that if users can log on either locally or remotely to a computer running Windows, they can view the status of the services running on that computer. This operation can be verified using third party tools or a script. The Server Manager does not allow this operation.

For more advanced operations like checking the effective permissions a user has, getting the ACL (Access Control List), the GetObjectSecurity method returns a pointer to the IObjectSecurity Interface.

Property/Method

Description

AttachService

Initializes the object with the service on which operations are to be performed.

GetObjectSecurity

Gets the IObjectSecurity Interface pointer for the current Service object. This is useful to perform advanced operations like checking effective permissions, deleting an ACE and so on

GetServicePermissions

Gets the access permissions that a user or group has on the current Service object.

SetServicePermissions

Gives a user or group permissions on the current Service object.

 Example

To use the functionality provided by IServiceObjectSecurity, the service on which operations are to be performed should be first attached. This can be done using the AttachService functions.

Dim ServiceSecurity As IServiceObjectSecurity
Set ServiceSecurity = CreateObject("DirectScript.ObjectSecurity")
'Attach to the eventlog service on the computer "Moon".
ServiceSecurity.AttachService "eventlog", "Moon"

 

See Also