How to add a privilege to an account in Windows?

windows security permissions wcf named-pipes
8,889

If your NamedPipe WCF Service needs to be hosted in the Global objects to communicate between sessions I'd build it as a separate Windows Service and let the your other applications communicate with each other through the new Windows Service that will be hosting your NamedPipe WCF Service.

Share:
8,889

Related videos on Youtube

mark
Author by

mark

Updated on September 18, 2022

Comments

  • mark
    mark over 1 year

    Given:

    • A VM running Windows 2008
    • I am logged on there using my domain account (SHUNRANET\markk)
    • I have added the "Create global objects" privilege to my domain account:
    • The VM is restarted (I know logout/logon is enough, but I had to restart)
    • I logon again using the same domain account. It seems still to have the privilege: enter image description here
    • I run some process and examine its Security properties using the Process Explorer. The account does not seem to have the privilege: enter image description here

    This is not an idle curiousity. I have a real problem, that without this privilege the named pipe WCF binding works neither on Windows 2008 nor on Windows 7! Here is an interesting discussion on this matter - http://social.msdn.microsoft.com/forums/en-US/wcf/thread/b71cfd4d-3e7f-4d76-9561-1e6070414620.

    Does anyone know how to make this work? Thanks.

    EDIT

    BTW, when I run the process elevated, everything is fine and the process explorer does display the privilege as expected:

    enter image description here

    But I do not want to run it elevated.

    EDIT2

    I equally welcome any solution. Be it configuration only or mixed with code.

    EDIT3

    I have posted the same question on MSDN forums and they have redirected me to this page - http://support.microsoft.com/default.aspx?scid=kb;EN-US;132958. I am yet to determine the relevance of it, but it looks promising.

    Notice also that it is a completely coding solution that they propose, so whoever moved this post to the ServerFault - please reinstate it back in the StackOverflow.

    • mark
      mark almost 13 years
      Please explain why the question should be closed. The solution can be programmatic, which fits perfectly with this site.
    • GrzegorzOledzki
      GrzegorzOledzki almost 13 years
      I am sorry. I didn't get the impression the solution should be programmatic. I only saw the screenshots and thought it's a server configuration issue. But for someone who is into Windows security, it's probably obvious you ask about a programmatic solution, isn't it?
    • mark
      mark almost 13 years
      @Ladislav - then by all means mark it as the answer :-).
    • mark
      mark almost 13 years
      @Grzegorz - I am looking for all solutions. Both configuration and programmatic. And because a programmatic solution is very likely this question belongs here. Of course, configuration only solution is most welcome as well.
    • Admin
      Admin almost 13 years
      You have to run elevated in order to enable certain privileges; there is no way around this.
    • mark
      mark almost 13 years
      This is not true. The NETWORK SERVICE account has this privilege enabled. Yet it never runs elevated.
    • this.josh
      this.josh almost 13 years
      If you included some code, library references, or API references, it would make your question less likly to be flagged or down-voted. Lack of any programming references makes users view it as not programming.
    • Luke
      Luke almost 13 years
      Accounts like NETWORK SERVICE get special treatment from the operating system. In the general case a normal (non-elevated) user account is never going to have those privileges present in its token.
    • mark
      mark almost 13 years
      Please, explain why.
    • longneck
      longneck over 11 years
      @mark "Yet it never runs elevated." this is not true. NETWORK SERVICE does run elevated. that's the point of that account: it lets you run services on the local machine that require elevated rights and be a network server.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Adding ALL RESTRICTED APPLICATION PACKAGES to folder permissions
NTFS: prevent/deny directory delete in a otherwise "personal" folder
How to access files over a network using local accounts?
What are the minimal permissions for WMI access to processes CommandLine?
How to have downloads be automatically unblocked?
Granting service control manager access permission to user outside of administrator group
How do I grant start/stop/restart permissions on a service to an arbitrary user or group on a non-domain-member server?
Lack of permission to open user folder
Permission needed for Named pipes on Windows 2008
CryptographicException: Access denied - How to give access on User store?