However, the client application can use the session moniker to reference an object provided by the server in a session that does not match the client identity. When this is used, the client application can specify any session, in which case the server will run as the user who owns the session, not the launching user. The default access permissions in this scenario would not allow the launching user to call methods on the server.
However, the following security risks remain:

Hope that helps. Cheers, Tas Chew. Marked as answer by rocklore Sunday, October 6, PM. Sunday, October 6, AM.

Kujala 1. Read these articles. It may help you a little. What is Interactive Logon? Thursday, October 3, AM.

I've read those two, they're the only ones I can find but I don't understand them. Thursday, October 3, PM.

I've read those two, they're the only ones I can find but I don't understand them.
Hi, The diagram illustrated in What is Interactive Logon has explained it all.
Friday, October 4, PM.

Still a couple of questions: 1. What is the difference between classic logon and interactive logon? I have more questions related to interactive logon but I'll probably ask those after I understand this part. Edited by rocklore Friday, October 4, PM. Edited by rocklore Sunday, October 6, PM. Sunday, October 6, PM.

Which one is more secure please? Too easy to grant them interactive account permissions.
If there is really no way to start the service on dedicated accounts, then create a separate account that is not able to log in to any machine, and give it only the minimal rights needed to run the service.

Lukasz Chlap. Interactive user account. In Microsoft Windows, Security. 19 December. Windows Server services security.
Understanding the problem

10itreporter service running on interactive user account

Running a service on a user account is always a bad idea.

Starting from Application as Service v. In other words, you can choose the session in which the window of your interactive service will be visible.
Otherwise, the service will be launched in the background and without UI. This option is disabled by default. Additionally, you can restrict or grant your service certain privileges. To do this, choose the user account under which the service will run. Remote clients, connected to your PC via RDP, can choose the session in which the interactive service will run.
If Console session is chosen (the actual session of the server), the interactive service will be started, but its UI will not be visible on the client side. Starting from Windows Vista, services are isolated in Session 0, while user applications run in subsequent sessions — Session 1, 2, etc.