WebConnect winservice

Open ssleptsov opened this issue 11 years ago • 7 comments

Hi, why does winService need to run as a local user? Why can't it run as LocalSystem? What I see is that the session is created successfully, but there are no images...

Thanks.

ssleptsov avatar Dec 12 '14 23:12 ssleptsov

  1. Security: LocalSystem has full access to the OS in case of exploits

  2. Network connectivity to other hosts (RDP in this case)

alexpilotti avatar Dec 12 '14 23:12 alexpilotti

Thanks for the response. But anyway, is it possible to configure it to work with LocalSystem?

ssleptsov avatar Dec 12 '14 23:12 ssleptsov

I could run a Windows application that implements RDP from a win service under LocalSystem (connecting the 2 processes by a pipe), so why can't I do that for FreeRDP?!

On Fri, Dec 12, 2014 at 5:39 PM, Alessandro Pilotti < [email protected]> wrote:

  1. Security: LocalSystem has full access to the OS in case of exploits

  2. Network connectivity to other hosts (RDP in this case)

Joseph1977 avatar Dec 12 '14 23:12 Joseph1977

I suggest using a minimum set of user permissions; otherwise, any potential service exploit translates into a full "root" exploit when using LocalSystem.

alexpilotti avatar Dec 13 '14 00:12 alexpilotti

I agree; the question is whether FreeRDP could run on local-system or not, and if not, why?

On Fri, Dec 12, 2014 at 6:26 PM, Alessandro Pilotti < [email protected]> wrote:

I suggest using a minimum set of user permissions; otherwise, any potential service exploit translates into a full "root" exploit when using LocalSystem.

Joseph1977 avatar Dec 13 '14 00:12 Joseph1977

Unless you need transitive authentication or Kerberos auth, everything is possible as localsystem. :-)

You just need to change the service logon to LocalSystem.

Just to be clear (for the benefit of future readers of these comments), this is absolutely unsupported :-)

alexpilotti avatar Dec 13 '14 00:12 alexpilotti

Clear, thanks :)

On Dec 12, 2014 6:39 PM, "Alessandro Pilotti" [email protected] wrote:

Unless you need transitive authentication or Kerberos auth, everything is possible as localsystem. :-)

You just need to change the service logon to LocalSystem.

Just to be clear (for the benefit of future readers of these comments), this is absolutely unsupported :-)

Joseph1977 avatar Dec 13 '14 00:12 Joseph1977
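
The thread above turns on which account the Windows service logs on as. The following is an added example, not part of the original thread or the FreeRDP-WebConnect project: a PowerShell check that reports each matching service's logon account and flags LocalSystem. The function names, the sample rows and the `<service-name>` placeholder are assumptions, since the thread does not give the registered service name.

```powershell
# Classify the account a Windows service logs on as (Win32_Service.StartName).
function Get-ServiceAccountRisk {
    param([string]$StartName)
    switch -Regex ($StartName) {
        '^(LocalSystem|NT AUTHORITY\\SYSTEM)$' {
            'HIGH: LocalSystem, a service exploit gets full access to the OS'; break }
        '^NT AUTHORITY\\(LocalService|NetworkService)$' {
            'LOWER: built-in service account with reduced rights'; break }
        '^NT SERVICE\\' {
            'LOWER: per-service virtual account'; break }
        '^$' {
            'UNKNOWN: no logon account reported'; break }
        default {
            'REVIEW: named account, check its group memberships and rights' }
    }
}

# List services whose name or display name matches a wildcard pattern,
# together with their logon account and the classification above.
function Get-ServiceLogonAudit {
    param([string]$NamePattern = '*')
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.Name -like $NamePattern -or $_.DisplayName -like $NamePattern } |
        ForEach-Object {
            [pscustomobject]@{
                Name      = $_.Name
                StartName = $_.StartName
                State     = $_.State
                Risk      = Get-ServiceAccountRisk $_.StartName
            }
        }
}

# Constructed sample rows (not real output) to try the classifier offline.
$sample = @(
    [pscustomobject]@{ Name = 'ExampleGatewayA'; StartName = 'LocalSystem' }
    [pscustomobject]@{ Name = 'ExampleGatewayB'; StartName = '.\svc-gateway' }
    [pscustomobject]@{ Name = 'ExampleGatewayC'; StartName = 'NT AUTHORITY\NetworkService' }
)
$sample | ForEach-Object { '{0,-16} {1}' -f $_.Name, (Get-ServiceAccountRisk $_.StartName) }

# On a Windows host, substitute the installed service's name for the placeholder:
# Get-ServiceLogonAudit -NamePattern '*<service-name>*'
```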