Secure windows service config file

Question

I have a windows service with an accompanying config file. The service is going to be installed on a bunch of lab computers and monitor things such as diskspace, network connectivity, logins, etc.

After a set interval, it will report the statistics to a Database. In order to connect to the DB, I currently have the application user's name and password stored in the connection string, which can be found in the config file.

What's the best way to secure this, such that regular users cannot access it? We do a similar thing here with our webapps using the Web.config, and we have IIS setup such that people can't browse into the directory and read it.

Is there a best practice to securing a config file stored locally on each machine for a windows service?

Answer 1

Use the same method that you would use for web.config

1- Go to the windows service folder, where configuration file is located

2- Rename the config file to web.config (back it up first)

3- Execute:

c:\Windows\Microsoft.NET\Framework64\[the asp versino]\aspnet_regiis.exe -pef "[name of the config file to encrypt]" .

4- Rename the web.config back to the original name

More info here https://msdn.microsoft.com/en-us/library/zhhddkxy.aspx