Restricting access to SVCCTL named pipe on Windows

[Geof <geofgeof () gmail com>]

Hello,

I'm trying to restrict remote access to the Service Control Manager on a
Windows box in order to forbid a local admin to remotely manage the
services. Indeed, with such an access, it's possible to restart services
that where disabled for security reasons, like remote registry access, or to
install remotely new services.
(See http://www.hsc.fr/ressources/articles/win_net_srv/ch04s07s09.html for
the available operations)

Using the pipeaclui from bindview, I guess it's possible to define ACL that
deny any access but it is said that "Anytime a named pipe is restarted (or a
system reboot), the changes made using pipeaclui will be discarded and the
defaults of whatever started the named pipe will be used".
http://www.bindview.com/Services/RAZOR/Utilities/Windows/pipeacltools1_0.cfm


So, I'm wondering if someone known how to stop definitively this feature.

Thanks,

Geof

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/