[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
RE: Re[2]: bad security setting for win32 tor service
- To: <or-talk@xxxxxxxxxxxxx>
- Subject: RE: Re[2]: bad security setting for win32 tor service
- From: "Bob Monfort" <monfster@xxxxxxxxx>
- Date: Fri, 19 Aug 2005 12:28:51 -0700
- Delivered-to: archiver@seul.org
- Delivered-to: or-talk-outgoing@seul.org
- Delivered-to: or-talk@seul.org
- Delivery-date: Fri, 19 Aug 2005 15:29:24 -0400
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:from:to:subject:date:x-mailer:thread-index:x-mimeole:in-reply-to:message-id; b=C/zIi+mWYYwrwTedJIM6IzpSb2NEqLb8uxXZnJ0xpkOV9sUolW1AVzLROt5ewBbXdZ2yTdYQDaEadd9jBGkGCqEBVK3/2eKQijUjFwyWWFFcc0SBWuFR8KImuJ6lQvB1+semvdBH1PRSyUmvWugEnEilmM7Aoo3eYrOj86nxMeo=
- In-reply-to: <1997094928.20050819211739@gmxpro.de>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
- Thread-index: AcWk8qzqukIzreNUSQ2YlroQ8tuLxAAAL3/w
Hi-
> BM> encrypted using xp EFS
>
> that's pretty useless for a service-account, the password is somewere
> on the harddisk
It certainly isn't a totally secure solution, I was just doing that in
reference to J. Random User's ability to get the keys (either remotely or
locally). Of course locks on doors are only to keep the honest people out.
> BM> Is running it as LocalService better?
>
> I'm not sure.
>
> You should delete the membership of the Tor-account in the group
> "Users". Then the Toraccount has the same rights as the User Guest.
> run: lusrmgr.msc
> or
> net LOCALGROUP Users <Tor_Service_User> /DELETE
OK, just did that, and it still runs, thanks!
I think merging Matt's patch is definitely a good idea for the next release,
letting it run as LocalService by default, and the error message thing is an
improvement over having to run "sc query" every time...
-Bob