X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:from:date:message-id:subject:to
	:content-type; q=dns; s=default; b=r05wB6dWRFoQzY1Lg3hzLbSaW1u6f
	Oai5YtDSi3QDQRhqk9WpFvkP8WbG5bs9aKy3pO7GXDnrmAkktawjBIUZ1C00LIiK
	x++YckmbG47WrmRZB+vn8YA+lFcHfmCiSKUgRd64oRAXUOeRKpXt2w3iNur0rYhe
	rd1WtmE2LBTr8o=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:from:date:message-id:subject:to
	:content-type; s=default; bh=78ioWEDGrKLcphdwsx4nYVlPpRA=; b=VLc
	Od5yuXRQF9Rx9IWJZcZQnl511NlgZHgWAPkZFRHM8SSp3Jr2/+XtSXqxiq1M3RJl
	wDT3Wm/xm/6FR4CVd7crlHUVVGbC9s/LtfGGmCUlnF7TL1TMgNUmvaEv1UUO5WVy
	ZJXxEaBjuRsX33ymuxeCaru3EHTEcGqTInC9bJ8M=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2 spammy=screen, hide, deny, H*c:alternative
X-HELO: mout.gmx.com
X-UI-Sender-Class: 214d933f-fd2f-45c7-a636-f5d79ae31a79
MIME-Version: 1.0
From: Bill Stewart <bstewart AT iname DOT com>
Date: Wed, 9 Jan 2019 15:12:03 -0700
Message-ID: <CANV9t=QQDCwDghXo=fXS-stfZqbnWxdb3SS1U7xD8gcEGdDiGA@mail.gmail.com>
Subject: csih_create_privileged_user - use of SeDenyInteractiveLogonRight
To: cygwin AT cygwin DOT com
Content-Type: text/plain; charset="UTF-8"

Greetings,

/usr/share/doc/csih/ChangeLog has the following note for 2015-04-02:

* cygwin-service-installation-helper.sh
(csih_create_privileged_user): Also add SeDenyInteractiveLogonRight to the
service user. otherwise it will be shown on the logon screen in some
versions of Windows.

From this comment, it would seem that the only purpose of adding this user
right ("Deny log on locally") is to hide the user from the logon screen.

Is this correct? In other words, is preventing the account from showing in
the logon screen the _only_ reason for adding SeDenyInteractiveLogonRight?

Thanks,

Bill

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple