The CAtlServiceModuleT::Run Function
Run contains calls to PreMessageLoop, RunMessageLoop, and PostMessageLoop. After being called, PreMessageLoop first stores the service's thread ID. The service will use this ID to close itself by sending a WM_QUIT message using the Win32 API function, PostThreadMessage.
PreMessageLoop then calls InitializeSecurity. By default, InitializeSecurity calls CoInitializeSecurity with the security descriptor set to NULL, which means that any user has access to your object.
If you do not want the service to specify its own security, override PreMessageLoop and don't call InitializeSecurity, and COM will then determine the security settings from the registry. A convenient way to configure registry settings is with the DCOMCNFG utility discussed later in this section.
Once security is specified, the object is registered with COM so that new clients can connect to the program. Finally, the program tells the service control manager (SCM) that it is running and the program enters a message loop. The program remains running until it posts a quit message upon service shutdown.