Description
Hello,
First of all, thank you for creating and maintaining this very useful tool!
I would like to request a new feature that allows setting the Service Security Identifier (SID) type when a service is installed.
The Problem / Use Case
I am using wsw to manage a file server service on Windows. I want to create a Windows Firewall rule for this service. The most robust way to do this is by targeting the service's identity (its SID) rather than its executable path or a specific port. This way, the firewall rule remains effective even if the executable path changes.
According to the official Microsoft documentation (Create an Inbound Program or Service Rule), a firewall rule can only target a service if its SID type is set to RESTRICTED or UNRESTRICTED.
Currently, services installed by wsw have a default SID type of NONE, which prevents me from creating service-specific firewall rules.
Proposed Solution
I propose adding an option to set the SID type during service installation or through a configuration subcommand.
Technical Implementation
I noticed that wsw uses the windows-service crate. This crate already provides the necessary API to implement this feature via the Service::set_config_service_sid_info method.
See documentation: https://docs.rs/windows-service/latest/windows_service/service/struct.Service.html#method.set_config_service_sid_info
This feature would greatly enhance wsw's integration with Windows security features and allow for more robust and secure service deployments.
Thank you for your consideration!
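
Until such an option exists, the SID type can be set after installation with the built-in `sc.exe`. The script below is an added example, not part of the original issue or of wsw: it checks a service's SID type, changes it if needed, and creates the service-scoped firewall rule described above. The service name `MyFileServer` and the rule's display name are placeholders.

```powershell
# Added example (not wsw code). Run from an elevated PowerShell prompt.
# 'MyFileServer' is a placeholder: use the service name given at install time.
param(
    [string]$ServiceName = 'MyFileServer',
    # 'restricted' additionally makes the service token write-restricted, so the
    # service can only write to objects whose ACL grants its SID access.
    [ValidateSet('unrestricted', 'restricted')]
    [string]$SidType = 'unrestricted'
)

# 1. Query the current SID type (services installed without one report NONE).
$query = & sc.exe qsidtype $ServiceName
if ($LASTEXITCODE -ne 0) {
    throw "sc.exe qsidtype failed for '$ServiceName': $($query -join ' ')"
}
$current = if (($query -join "`n") -match 'SERVICE_SID_TYPE:\s*(\S+)') { $Matches[1] } else { 'UNKNOWN' }
Write-Host "Current SID type of ${ServiceName}: $current"

# 2. Change it only when necessary. The new setting applies the next time the
#    service starts, because the SID is added to the token at process creation.
if ($current -ne $SidType.ToUpper()) {
    & sc.exe sidtype $ServiceName $SidType | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "sc.exe sidtype failed for '$ServiceName'" }
    Write-Host "SID type set to $SidType. Restart the service for it to take effect."
}

# 3. Show the per-service SID (NT SERVICE\<name>) that the rule will match on.
& sc.exe showsid $ServiceName

# 4. Create an inbound rule scoped to the service rather than to a path or port.
$ruleName = "$ServiceName (service-scoped inbound)"   # placeholder display name
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Inbound -Action Allow `
        -Service $ServiceName -Protocol TCP | Out-Null
    Write-Host "Created firewall rule '$ruleName'."
}
```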