Minimize access rights requested when managing services

packetWin7/Dll/Packet32.cpp

@@ -1506,7 +1506,7 @@ BOOLEAN PacketInstallDriver()
 //	if (QueryWinPcapRegistryStringA(NPF_DRIVER_COMPLETE_PATH_REG_KEY, driverLocation, &len, NPF_DRIVER_COMPLETE_PATH) == FALSE && len == 0)
 //		return FALSE;
 
-	scmHandle = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
+	scmHandle = OpenSCManager(NULL, NULL, SC_MANAGER_CREATE_SERVICE);
 
 	if(scmHandle == NULL)
 		return FALSE;
@@ -1723,7 +1723,7 @@ BOOL PacketStartService()
 	CHAR	NpfServiceLocation[MAX_WINPCAP_KEY_CHARS] = SERVICES_REG_KEY NPF_DRIVER_NAME;
 
 
-	scmHandle = OpenSCManager(NULL, NULL, GENERIC_READ);
+	scmHandle = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
 
 	if (scmHandle == NULL)
 	{
@@ -2129,15 +2129,15 @@ BOOL PacketStopDriver()
 //	if (QueryWinPcapRegistryStringA(NPF_DRIVER_NAME_REG_KEY, NpfDriverName, &RegQueryLen, NPF_DRIVER_NAME) == FALSE && RegQueryLen == 0)
 //		return FALSE;
 
-	scmHandle = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
+	scmHandle = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
 
 	if(scmHandle != NULL){
 
 		TRACE_PRINT("Opened the SCM");
 
 		schService = OpenServiceA (scmHandle,
 			NpfDriverName,
-			SERVICE_ALL_ACCESS
+			SERVICE_STOP
 			);
 
 		if (schService != NULL)

packetWin7/NPFInstall/NPFInstall/NPFInstall.cpp

@@ -115,7 +115,7 @@ BOOL PacketIsServiceStopPending()
 	SC_HANDLE schSCManager = OpenSCManager(
 		NULL,                    // local computer
 		NULL,                    // ServicesActive database
-		SC_MANAGER_ALL_ACCESS);  // full access rights
+		SC_MANAGER_CONNECT);  // minimal access rights
 
 	if (NULL == schSCManager)
 	{
@@ -129,9 +129,7 @@ BOOL PacketIsServiceStopPending()
 	SC_HANDLE schService = OpenService(
 		schSCManager,         // SCM database
 		_T(NPF_DRIVER_NAME_SMALL),            // name of service
-		SERVICE_STOP |
-		SERVICE_QUERY_STATUS |
-		SERVICE_ENUMERATE_DEPENDENTS);
+		SERVICE_QUERY_STATUS);
 
 	if (schService == NULL)
 	{