[cvsnt] Re: Least Privilege configuration for CVSNT service

Emmanuel Zaspel ezaspel at metatec.de
Tue Nov 5 20:41:40 GMT 2002

Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.

Sorry for the wrong email identity.

I tried some testing now. It seemed to work at least with only user
on a standalone system. I wonder why it use the system account.
Hmm... now I have a config running with no group membership.

The access right are now reduced to the rights the user who did the CVS
operation. That's what I want.

So how can I test now (Ok Ok sniff on the wire) if SSPI encryption works
and the lockserver did his job ?


Emmanuel Zaspel

"news.microsoft.com" <ezaspel at metatec.de> schrieb im Newsbeitrag
news:aq94d6$e1d$1 at sisko.nodomain.org...
> Hi there,
> since I hope to save time without going into deep testing, is there
> who can tell me the least necessary privileges the CVSNT Service account
> need to do his job ?
> I'd like to change the current common praxis: running as SYSTEM
> So it can run under a special account with only the rights it needs.
> It seems to need this:  SeTcbPrivilege (to impersonate)
> Some hints ?
> Regards
> Emmanuel Zaspel

More information about the cvsnt mailing list
Download the latest CVSNT, TortosieCVS, WinCVS etc. for Windows 8 etc.
@CVSNT on Twitter   CVSNT on Facebook