> > I'd be interested in seeing the output from the command:
> > Subinacl /service NULL
> >
> > On a system where this does not work.
> >
>
> Here is the output for "Subinacl /service NULL"
> Both, for the Administrator user and for the Postgres user:
Thanks.
> Postgres user:
> >Subinacl /service NULL
> SeSecurityPrivilege : Access is denied.
> WARNING :Unable to set SeSecurityPrivilege privilege. This
> privilege may be required.
> Error OpenSCManager : Access is denied.
That's quite normal - the postgres user doesn't have permission to open
the SC Manager to view the permissions, because it's not a Power User.
> Administrator user:
This is good. It shows one very clear difference from what I have on a
working system, which is:
> /pace =authenticated users ACCESS_ALLOWED_ACE_TYPE-0x0
> SERVICE_USER_DEFINED_CONTROL-0x0100
On my system, I have:
/pace =authenticated users ACCESS_ALLOWED_ACE_TYPE-0x0 SERVICE_QUERY_CONFIG-0x1
SERVICE_QUERY_STATUS-0x4
SERVICE_ENUMERATE_DEPEND-0x8 SERVICE_INTERROGATE-0x80 READ_CONTROL-0x20000
SERVICE_USER_DEFINED_CONTROL-0x0100
So this is the problem. Now to figure out how to fix it :-) From what I
can tell it simply needs to add back the missing ACE flags. This command
hopefully should work (not tested apart from the syntax, since I don't
have a good testig place, but please try it and if it doesn't work see
if you can figure out what to change):
Subinacl /service NULL /grant="authenticated users"=QSEILU
You need to run this as administrator of course, but it should hopefully
unlock the NUL device again.
//Magnus
