W
Will
I am trying to work around a temporary situation on a Windows 2003 server
where group policy was misapplied. NETWORK SERVICE and LOCAL SERVICE
accounts no longer have impersonate privileges and start service privilege
so I need to temporarily start up services in security context of SYSTEM,
get group policy working, then patch up services to run in their original
contexts.
I have done this before we success, but this time I'm thrown for a loop by
DNS Client service, which is not able to start in NETWORK SERVICE security
context. In the registry location:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache
there are two values:
ImagePath %SystemRoot%\system32\svchost.exe -k NetworkService
ObjectName NT AUTHORITY\NetworkService
My question is how do I modify ImagePath to start up in the security context
of SYSTEM? It's clear enough how to modify ObjectName to LocalSystem
context, but when you then try to start DNS Client it immediately objects
that the security contexts do not match up. There is some way to get
ImagePath to launch svchost in the security context of system, but how do I
do this?
--
Will
where group policy was misapplied. NETWORK SERVICE and LOCAL SERVICE
accounts no longer have impersonate privileges and start service privilege
so I need to temporarily start up services in security context of SYSTEM,
get group policy working, then patch up services to run in their original
contexts.
I have done this before we success, but this time I'm thrown for a loop by
DNS Client service, which is not able to start in NETWORK SERVICE security
context. In the registry location:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache
there are two values:
ImagePath %SystemRoot%\system32\svchost.exe -k NetworkService
ObjectName NT AUTHORITY\NetworkService
My question is how do I modify ImagePath to start up in the security context
of SYSTEM? It's clear enough how to modify ObjectName to LocalSystem
context, but when you then try to start DNS Client it immediately objects
that the security contexts do not match up. There is some way to get
ImagePath to launch svchost in the security context of system, but how do I
do this?
--
Will