Commit 252a6ae 1 parent c97b438 commit 252a6ae Copy full SHA for 252a6ae
File tree 1 file changed +7
-2
lines changed
1 file changed +7
-2
lines changed Original file line number Diff line number Diff line change @@ -108,15 +108,20 @@ func grantServiceRights() error {
108108 if err != nil {
109109 return trace .Wrap (err , "getting current service DACL" )
110110 }
111+ // This is the universal well-known SID for "Authenticated Users".
112+ authenticatedUsersSID , err := windows .StringToSid ("S-1-5-11" )
113+ if err != nil {
114+ return trace .Wrap (err , "parsing authenticated users SID" )
115+ }
111116 // Build an explicit access entry allowing authenticated users to start,
112117 // stop, and query the service.
113118 ea := []windows.EXPLICIT_ACCESS {{
114119 AccessPermissions : windows .SERVICE_QUERY_STATUS | windows .SERVICE_START | windows .SERVICE_STOP ,
115120 AccessMode : windows .GRANT_ACCESS ,
116121 Trustee : windows.TRUSTEE {
117- TrusteeForm : windows .TRUSTEE_IS_NAME ,
122+ TrusteeForm : windows .TRUSTEE_IS_SID ,
118123 TrusteeType : windows .TRUSTEE_IS_WELL_KNOWN_GROUP ,
119- TrusteeValue : windows .TrusteeValueFromString ( "Authenticated Users" ),
124+ TrusteeValue : windows .TrusteeValueFromSID ( authenticatedUsersSID ),
120125 },
121126 }}
122127 // Merge the new explicit access entry with the existing DACL.
You can’t perform that action at this time.
0 commit comments