[cvsnt] Re: Least Privilege configuration for CVSNT service
Emmanuel Zaspel
ezaspel at metatec.de
Tue Nov 5 20:41:40 GMT 2002
Sorry for the wrong email identity.
I tried some testing now. It seemed to work at least with only user
privileges
on a standalone system. I wonder why it use the system account.
...
Hmm... now I have a config running with no group membership.
The access right are now reduced to the rights the user who did the CVS
operation. That's what I want.
So how can I test now (Ok Ok sniff on the wire) if SSPI encryption works
and the lockserver did his job ?
Regards
Emmanuel Zaspel
"news.microsoft.com" <ezaspel at metatec.de> schrieb im Newsbeitrag
news:aq94d6$e1d$1 at sisko.nodomain.org...
> Hi there,
>
> since I hope to save time without going into deep testing, is there
someone
> who can tell me the least necessary privileges the CVSNT Service account
> need to do his job ?
>
> I'd like to change the current common praxis: running as SYSTEM
> So it can run under a special account with only the rights it needs.
>
> It seems to need this: SeTcbPrivilege (to impersonate)
>
> Some hints ?
>
> Regards
> Emmanuel Zaspel
>
>
More information about the cvsnt
mailing list