Note
Access to this page requires authorization. You can try signing in or .
Access to this page requires authorization. You can try .
SERVICE_SID_INFO structure (winsvc.h)
Represents a service security identifier (SID).
Syntax
typedef struct _SERVICE_SID_INFO {
DWORD dwServiceSidType;
} SERVICE_SID_INFO, *LPSERVICE_SID_INFO;
Members
dwServiceSidType
The service SID type.
| Value | Meaning |
|---|---|
|
Use this type to reduce application compatibility issues. |
|
This type includes SERVICE_SID_TYPE_UNRESTRICTED. The service SID is also added to the restricted SID list of the process token. Three additional SIDs are also added to the restricted SID list:
If there are multiple services hosted in the same process and one service has SERVICE_SID_TYPE_RESTRICTED, all services must have SERVICE_SID_TYPE_RESTRICTED. |
|
When the service process is created, the service SID is added to the service process token with the following attributes: SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_OWNER. |
Remarks
The change takes effect the next time the system is started.
The SCM adds the specified service SIDs to the process token, plus the following additional SIDs.
| SID | Attributes |
|---|---|
| Logon SID | SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_LOGON_ID | SE_GROUP_MANDATORY |
| Local SID | SE_GROUP_MANDATORY | SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT |
This enables developers to control access to the objects a service uses, instead of relying on the use of the LocalSystem account to obtain access.
Use the LookupAccountName and LookupAccountSid functions to convert between a service name and a service SID. The account name is of the following form:
NT SERVICE\SvcName
Note that NT SERVICE is the domain name.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows Vista [desktop apps only] |
| Minimum supported server | Windows Server 2008 [desktop apps only] |
| Header | winsvc.h (include Windows.h) |
See also
Feedback
Was this page helpful?