2
I would like to know if Windows standard user can normally change service startup type and how to prevent it. A customer reports that on Windows 7 (64-bit) he was able to change startup type from Automatic to Disabled for services of our product, thus disabling the product. Could this be true and is it possible on a standard Windows 7 installation?
Kaitnieks
Posted 2011-07-25T11:01:46.060
Reputation: 133
2
On a standard Windows 7 installation it is not possible. That user must have:
A Dwarf
Posted 2011-07-25T11:01:46.060
Reputation: 17 756
2
I just logged into a Windows 7 test machine as a standard user, and the options to change it are grayed out. I suspect he has more rights than he realizes, even if not an administrator.
KCotreau
Posted 2011-07-25T11:01:46.060
Reputation: 24 985
2
Each Windows service has an ACL attached (just like files or registry keys do). By default, the ACL only allows modifications to Administrators, but it's possible to have it changed to allow certain operations to any user. It's unlikely that this is the case, though – service ACLs are hidden in a rather inconvenient place.
user1686
Posted 2011-07-25T11:01:46.060
Reputation: 283 655
2Disabling the UAC would have no effect. It only affects whether Windows 7 would ask if you want to run certain programs at an elevated level. He would still be limited by his given permissions, which are probably unknowingly administrative, which is really why he could make the change. I just tested the same account below after turning off UAC and rebooting, and the same: Grayed out. – KCotreau – 2011-07-25T11:33:03.937
Thank you for the answer. I wonder though, does disabling UAC really affect standard users, too? – Kaitnieks – 2011-07-25T11:35:11.870
Yes, if coupled with other situations like operating under a administrative account. That is, if you unknowingly have an administrator account and UAC is not disabled you will still get a warning. – A Dwarf – 2011-07-25T11:40:10.477