I have a Windows Service running in Windows Server 2016 (under the SYSTEM account), and I need the service to access Web API credentials which should be stored in environment variables. I don't want them stored in the standard System environment variables, otherwise anyone with access to the server could see them. Can I store them so only the SYSTEM account has access, and if so, how?
Answer
Found the solution: In the registry, add a Value/Data pair to the key \HKEY_USERS\S-1-5-18\Environment\ This will of course allow all local admins access (as would any "secure" solution), but that group in this case is trustworthy.
No comments:
Post a Comment