Hello,
First of all, thank you for creating and maintaining this very useful tool!
I would like to request a new feature that allows setting the Service Security Identifier (SID) type when a service is installed.
The Problem / Use Case
I am using wsw to manage a file server service on Windows. I want to create a Windows Firewall rule for this service. The most robust way to do this is by targeting the service's identity (its SID) rather than its executable path or a specific port. This way, the firewall rule remains effective even if the executable path changes.
According to the official Microsoft documentation (Create an Inbound Program or Service Rule), a firewall rule can only target a service if its SID type is set to RESTRICTED or UNRESTRICTED.
Currently, services installed by wsw have a default SID type of NONE, which prevents me from creating service-specific firewall rules.
Proposed Solution
I propose adding an option to set the SID type during service installation or through a configuration subcommand.
Technical Implementation
I noticed that wsw uses the windows-service crate. This crate already provides the necessary API to implement this feature via the Service::set_config_service_sid_info method.
See documentation: https://docs.rs/windows-service/latest/windows_service/service/struct.Service.html#method.set_config_service_sid_info
This feature would greatly enhance wsw's integration with Windows security features and allow for more robust and secure service deployments.
Thank you for your consideration!
Hello,
First of all, thank you for creating and maintaining this very useful tool!
I would like to request a new feature that allows setting the Service Security Identifier (SID) type when a service is installed.
The Problem / Use Case
I am using
wswto manage a file server service on Windows. I want to create a Windows Firewall rule for this service. The most robust way to do this is by targeting the service's identity (its SID) rather than its executable path or a specific port. This way, the firewall rule remains effective even if the executable path changes.According to the official Microsoft documentation (Create an Inbound Program or Service Rule), a firewall rule can only target a service if its SID type is set to
RESTRICTEDorUNRESTRICTED.Currently, services installed by
wswhave a default SID type ofNONE, which prevents me from creating service-specific firewall rules.Proposed Solution
I propose adding an option to set the SID type during service installation or through a configuration subcommand.
Technical Implementation
I noticed that
wswuses thewindows-servicecrate. This crate already provides the necessary API to implement this feature via theService::set_config_service_sid_infomethod.See documentation: https://docs.rs/windows-service/latest/windows_service/service/struct.Service.html#method.set_config_service_sid_info
This feature would greatly enhance
wsw's integration with Windows security features and allow for more robust and secure service deployments.Thank you for your consideration!