How To – Allow non-admins to start and stop system services

Jump down to Step 1 to skip the blurb

Any Microsoft Windows operating system has services. These are little programs that run in the background of the OS to keep things ticking over. They’re really fundamental to servers as it means that programs can run in the background without any user being logged. In fact Windows servers are fine-tuned to give better performance to background services rather than any app running on the screen.

It’s always the best principle to log on with the least amount of privileges on any PC, i.e. you shouldn’t log on to a desktop or server with full admin rights. You should log on as a normal user and only elevate the  programmes authority to admin level if absolutely necessary.

Some System Administrators may want an easy life and just let everything “run as admin” as it cuts back on a lot of problems, especially when using old software. Obviously this greatly widens the security attack vector, as any user who can gain access to the machine can do anything they want on it.

However, one of the issues of running as a standard user is that you are not allowed to stop or start Windows services. That is by design, you wouldn’t really want a non-admin to stop a critical service. The problem is when you have a Service Account running (as good practice dictates) as a lowly user. To get around this you can give the Service Account permission to do whatever you want to a particular service you want. Unfortunately, this is a bit more convoluted than setting file permissions. This article will explain how to achieve this. It applies to all versions of Windows from Windows 2000 or newer. My screenshots are from the Windows 8 Developer Preview.

Continue reading How To – Allow non-admins to start and stop system services

Advertisements

How to Troubleshoot Windows Update Errors

windows update iconWindows Update (a.k.a. Microsoft Update) is normally pretty reliable in terms of keeping your computer up to date and secure. Unfortunately, there are times when an update crashes your PC (usually due to a conflicting OEM driver) or the update process just stops working. Since Windows Vista, Microsoft moved away from using the update.microsoft.com website and now has a dedicated app in the Control Panel. However, the underlying technologies are still the same. Even if you have the Windows Software Update Services (WSUS) server, controlling 100s or 1000s of computers in a corporate network, you are still going to come across the same kind of problems. You would hope that WSUS had some easy troubleshooting/rollback tools built in but unfortunately that is not the case.

I thought it would be a good idea to gather all the various methods and tools I use when troubleshooting Windows/Microsoft Update to help both Home and Enterprise users alike

Continue reading How to Troubleshoot Windows Update Errors

Bypass compulsory website registration with a shared password

Bug me not screenshot This was an interesting find » Bugmenot.com – login with these free web passwords to bypass compulsory registration.

Many a time I have been pained at the thought of going through another registration process just to see a quick bit of info. This site offers you usernames & passwords for dummy accounts on websites to let you log into a multitude of places. Bear in mind, these aren’t stolen credentials, they are just accounts that others have created and shared for anyone to use.

Simply type in the domain you are trying to access and you will get a list of usernames and passwords as well as success rates of whether they work or not. Be careful though, the password should be readable in plain text not **** or the common “click Yes to see password”. This is a way people are trying to mess with the voting system.

Why You Should Never Search For Free WordPress Themes in Google or Anywhere Else

Just a quick repress here, I never new a free theme could be so malicious. Doesn’t just apply to WordPress though, could be easily as dodgy in Joomla, Drupal or any “Theme” .

Check out the link below and find out how to check if you theme is hiding anything nasty

Why You Should Never Search For Free WordPress Themes in Google or Anywhere Else – WordPress, Multisite and BuddyPress plugins, themes, news and help – WPMU.org.

Warning: Beware fake Adobe Acrobat & Reader updates

It seems to be getting more and more common that Adobe Reader (previously known as Acrobat Reader) is the target for phishing scams and malware. Today I got another email pretending to be from Adobe alerting me of new updates to Reader.

image

This can easily lure the reader into clicking before reading the message properly. There are a few thing that should ring alarm bells to someone who works with computers e.g.

  • Adobe only release updates from their own site not the one listed in the email
  • The new versions are called Adobe Reader X and Acrobat X not Acrobat 2011
  • It is sent from a newsletter that I haven’t subscribed to.

Read more to find tips and info on the real Adobe updates

Continue reading Warning: Beware fake Adobe Acrobat & Reader updates