This is not correct, NETWORK is a SID placed in a token that grants access
to the network services(the windows server and/or windows client service),
NOT to the resources like shares pipes etc. A token that has no NETWORK Sid
can't access the network.
NetworkService and LocalSystem are using "machine account" credentials to
access network resources, as such, you need a W2K/W2K3 AD domain realm for
this to work (machine accounts are regular "domain user" accounts in AD).
LocalService uses "anonymous" credentials to access network resources.
Depending on the service account type you have to set the ACL to grant the
required access right for the "machine" or "anonymous logon" account.
Willy.
"Nicholas Paldino [.NET/C# MVP]" <mvp@spam.guard.caspershouse.com> wrote in
message news:OWiSEWowEHA.3012@TK2MSFTNGP10.phx.gbl...[color=blue]
> Bonj,
>
> You don't have to have it be in "user" mode, but rather, have the
> service run as a user which can access the network drive. You can
> restrict the other rights of that account easily.
>
> You should also be able to have it run as NetworkService, and then set
> the permissions on the share to allow NETWORK access to it.
>
> Hope this helps.
>
>
> --
> - Nicholas Paldino [.NET/C# MVP]
> -
mvp@spam.guard.caspershouse.com
>
> "Bonj" <Bonj@discussions.microsoft.com> wrote in message
> news:043947C8-3AC4-4741-AB57-206CF1569F42@microsoft.com...[color=green]
>>I need to write a windows service, and the only way it can access a shared
>> drive on a file server on the network is if the installer is put in
>> "User"
>> mode - "LocalService", "LocalSystem" and "NetworkService" don't work.
>> i.e. it
>> can't access the shared drive. But in "User" it can.
>> But I don't want it in user mode, if possible. I would rather it be a
>> service. Is there any way to do it?
>>[/color]
>
>[/color]
