473,881 Members | 1,670 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

"Access denied" while trying to change a service priorityclass

Yes, sorry I tried to make it clear in the original question that I want to
get the user token of the service - ie. the account the service is running
under. I know services don't have user tokens - I suspect users do have
tokens, hence "user token", otherwise we might call them "service tokens" or
somesuch :-)

If you read the question again, you migh see that the fundamental question
is, *assuming there is no other approach*:

The service runs as "Local System" - can I impersonate the "Local System"
account?

I don't believe that "logonuser" can help with this.

What I was trying to demonstrate with the code is that I can get the process
that the service is running as - I just cannot get its user token.

Is there anyone here who can understand my original question and have a go
at answering it? I would be grateful for any assistance.

"Nicholas Paldino [.NET/C# MVP]" wrote:
Well, you would want to get the token of a user that has the appropriate
rights to change the priority of the class.

There is no such thing as the user token of the service. The service
runs under a user account, and that user is the one assocaited with the
process/thread.

If you don't have the appropriate permissions then you need to have the
service run under a user account that has permissions (in which case, none
of this is necessary), or call the LogonUser API function through the
P/Invoke layer, passing the username and password of the user you want to
impersonate, then use the user token returned from LogonUser to pass to the
Impersonate method (the documentation for the Impersonate method should have
an example of how to call LogonUser).

It should be noted that changing the priority of any process is
generally a bad idea.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard. caspershouse.co m

"muradjames " <mu********@dis cussions.micros oft.comwrote in message
news:28******** *************** ***********@mic rosoft.com...
I have a service running on my PC. I want to set the service's
PriorityClass
to BelowNormal. I use the following code:

Process process = GetServiceProce ss();

// How can I get the user's token (Local System) from the
process, or wherever?

using (WindowsImperso nationContext user =
WindowsIdentity .Impersonate(us erToken))
{
process.Priorit yClass =
Settings.Defaul t.servicePriori ty;
}

Clearly, this cannot work - I need the userToken.

So, my questions are:

1) Is this the correct approach? I am assuming that the "access denied" is
caused by the fact that my application is running as one user, and the
service is running as local system so I cannot change it? My approach is
to
impersonate the local system user while I change the priority class.

2) If this is correct, how can I get the user token *of the service* (i.e.
the Local System token) so that I can impersonate it?

I am using .Net 3.5, by the way...any help gratefully accepted!!!
Nov 6 '08 #1
2 5346
I see what you are saying now.

Getting the user that the process executes under doesn't guarantee that
you will have rights to elevate the priority of the process. I don't know
if the LocalService account does (it's easy enough to check though, create a
service to run under the LocalService account and see if you can elevate
your own priority).

Impersonating the local service seems to be a little more difficult, and
is laid out here:

http://geek.hubkey.com/2008/02/imper...e-account.html

If the LocalService account doesn't allow this, then you have to run the
program attempting to elevate the process under an account that does have
the appropriate permissions.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard. caspershouse.co m
"muradjames " <mu********@dis cussions.micros oft.comwrote in message
news:63******** *************** ***********@mic rosoft.com...
Yes, sorry I tried to make it clear in the original question that I want
to
get the user token of the service - ie. the account the service is running
under. I know services don't have user tokens - I suspect users do have
tokens, hence "user token", otherwise we might call them "service tokens"
or
somesuch :-)

If you read the question again, you migh see that the fundamental question
is, *assuming there is no other approach*:

The service runs as "Local System" - can I impersonate the "Local System"
account?

I don't believe that "logonuser" can help with this.

What I was trying to demonstrate with the code is that I can get the
process
that the service is running as - I just cannot get its user token.

Is there anyone here who can understand my original question and have a go
at answering it? I would be grateful for any assistance.

"Nicholas Paldino [.NET/C# MVP]" wrote:
> Well, you would want to get the token of a user that has the
appropriate
rights to change the priority of the class.

There is no such thing as the user token of the service. The service
runs under a user account, and that user is the one assocaited with the
process/thread.

If you don't have the appropriate permissions then you need to have
the
service run under a user account that has permissions (in which case,
none
of this is necessary), or call the LogonUser API function through the
P/Invoke layer, passing the username and password of the user you want to
impersonate, then use the user token returned from LogonUser to pass to
the
Impersonate method (the documentation for the Impersonate method should
have
an example of how to call LogonUser).

It should be noted that changing the priority of any process is
generally a bad idea.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard. caspershouse.co m

"muradjames " <mu********@dis cussions.micros oft.comwrote in message
news:28******* *************** ************@mi crosoft.com...
>I have a service running on my PC. I want to set the service's
PriorityClas s
to BelowNormal. I use the following code:

Process process = GetServiceProce ss();

// How can I get the user's token (Local System) from
the
process, or wherever?

using (WindowsImperso nationContext user =
WindowsIdentity .Impersonate(us erToken))
{
process.Priorit yClass =
Settings.Defaul t.servicePriori ty;
}

Clearly, this cannot work - I need the userToken.

So, my questions are:

1) Is this the correct approach? I am assuming that the "access denied"
is
caused by the fact that my application is running as one user, and the
service is running as local system so I cannot change it? My approach
is
to
impersonate the local system user while I change the priority class.

2) If this is correct, how can I get the user token *of the service*
(i.e.
the Local System token) so that I can impersonate it?

I am using .Net 3.5, by the way...any help gratefully accepted!!!

Nov 6 '08 #2
Thanks Nicholas. The funny thing is that I can lower the priority class for
the service to "BelowNorma l" (what I want to do) using Sysinternals process
explorer. However, when I try from my app, I get "access denied". I wonder if
the problem is something else, rather than permissions...i n fact, I just
tried this:

I used WindowsIdentity .GetCurrent() to get the user name in the app and it's
me (not unexpected). I am an administrator on this pc so why can I not drop
the priority class of the service? Maybe this is a "red herring".

Re your second point - how can I elevate my privileges? Is that by using
GetCurrent() and passing a TokenAccessLeve ls access level? If so, what should
I request? (or is there more to it than that?)

Thanks again!

"Nicholas Paldino [.NET/C# MVP]" wrote:
I see what you are saying now.

Getting the user that the process executes under doesn't guarantee that
you will have rights to elevate the priority of the process. I don't know
if the LocalService account does (it's easy enough to check though, create a
service to run under the LocalService account and see if you can elevate
your own priority).

Impersonating the local service seems to be a little more difficult, and
is laid out here:

http://geek.hubkey.com/2008/02/imper...e-account.html

If the LocalService account doesn't allow this, then you have to run the
program attempting to elevate the process under an account that does have
the appropriate permissions.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard. caspershouse.co m
"muradjames " <mu********@dis cussions.micros oft.comwrote in message
news:63******** *************** ***********@mic rosoft.com...
Yes, sorry I tried to make it clear in the original question that I want
to
get the user token of the service - ie. the account the service is running
under. I know services don't have user tokens - I suspect users do have
tokens, hence "user token", otherwise we might call them "service tokens"
or
somesuch :-)

If you read the question again, you migh see that the fundamental question
is, *assuming there is no other approach*:

The service runs as "Local System" - can I impersonate the "Local System"
account?

I don't believe that "logonuser" can help with this.

What I was trying to demonstrate with the code is that I can get the
process
that the service is running as - I just cannot get its user token.

Is there anyone here who can understand my original question and have a go
at answering it? I would be grateful for any assistance.

"Nicholas Paldino [.NET/C# MVP]" wrote:
Well, you would want to get the token of a user that has the
appropriate
rights to change the priority of the class.

There is no such thing as the user token of the service. The service
runs under a user account, and that user is the one assocaited with the
process/thread.

If you don't have the appropriate permissions then you need to have
the
service run under a user account that has permissions (in which case,
none
of this is necessary), or call the LogonUser API function through the
P/Invoke layer, passing the username and password of the user you want to
impersonate, then use the user token returned from LogonUser to pass to
the
Impersonate method (the documentation for the Impersonate method should
have
an example of how to call LogonUser).

It should be noted that changing the priority of any process is
generally a bad idea.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard. caspershouse.co m

"muradjames " <mu********@dis cussions.micros oft.comwrote in message
news:28******** *************** ***********@mic rosoft.com...
I have a service running on my PC. I want to set the service's
PriorityClass
to BelowNormal. I use the following code:

Process process = GetServiceProce ss();

// How can I get the user's token (Local System) from
the
process, or wherever?

using (WindowsImperso nationContext user =
WindowsIdentity .Impersonate(us erToken))
{
process.Priorit yClass =
Settings.Defaul t.servicePriori ty;
}

Clearly, this cannot work - I need the userToken.

So, my questions are:

1) Is this the correct approach? I am assuming that the "access denied"
is
caused by the fact that my application is running as one user, and the
service is running as local system so I cannot change it? My approach
is
to
impersonate the local system user while I change the priority class.

2) If this is correct, how can I get the user token *of the service*
(i.e.
the Local System token) so that I can impersonate it?

I am using .Net 3.5, by the way...any help gratefully accepted!!!


Nov 6 '08 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
1686
by: Jon Rista | last post by:
Hello. I'm trying to automate Excel in a C# Windows Service. This windows service has to be able to access files on network shares, so it uses a domain account on a WinNT 4.0 domain server, rather than the Local Service or Network Service, or System account. I'm running into a problem, though, with trying to instantiate Excel. When I execute the following: using Excel = Microsoft.Office.Interop.Excel; using Microsoft.Office.Core; //...
1
7059
by: Winterminute | last post by:
If I try to make any changes to the ASP.NET Portal Starter kit it fails with an access denied error. This was working when I left last week and is failing today. I don't remember changing anything, but I guess something had to be changed. I have checked NTFS permissions and the ASPNET account has full control on the parent directory of that XML file and on the file itself. I have also checked in IIS, and the Virtual Directory has...
6
4146
by: ASP.Confused | last post by:
I have an ASP.NET page writtein in VB that uses ADODB. I just had to force-install MDAC 2.8 after I tried to rollback to 2.6 (my web host uses this, and I wanted to be compatible with them.) I had to manually install all of the ODBC drivers and the rest of the DLL's, and now I am getting "Access is Denied" errors on any page that uses ADODB. How do I fix it? I already gave the ODBC drivers in the folders in "c:\program files\common...
0
3540
by: ASP.Confused | last post by:
The old message looked a little stale, so I am re-posting it here. Anybody have any ideas of what I could do?!? The previous responses to this question are below. If you want to look at the original question, the subject line is: ADODB.NET and "Access Denied" I have an ASP.NET page writtein in VB that uses ADODB. I just had to
0
1459
by: Brian Call | last post by:
We have a customer that is getting an "Access is denied" (to a specific dll in the application's bin directory) error on XP when trying to run an ASP.NET application. All the posts and KB articles I have read (such as http://support.microsoft.com/default.aspx?scid=kb;en-us;329065) say that this happens when indexing service is running. But in this case we have verified that it is not running. I have also looked at file permissions and do...
0
2635
by: lpinho | last post by:
Hi There, I've generated a C# file from a wsdl file using wsdl.exe utility. Then I created a console application and made a call to the method generated, first I got the error: "The request failed with HTTP status 407: Proxy Access Denied." Then I added a proxy validating and proxy credentials and got this:
0
1789
by: Rico | last post by:
Helolo, I have an ASP.NET application on a Windows 2003 Server machine WITHOUT VS. I am working on an XPPro machine with VS 2003. I have installed the remote debugging components on the server. Aside from having administrative rights, I have also put myself in the Debugger Users group. I have added ASPNET and even IUSR_SERVERNAME to the Debuggers group (don't worry, it's a dev server not a live machine) and I still get "Access Denied"...
2
2437
by: Dave | last post by:
Hi - I have an application that is monitoring a process on another machine. This application runs as a service. The error that I am getting when this runs is: Couldn't get process information from remote machine. System.ComponentModel.Win32Exception: Access is denied I have searched the web extensively to solve my problem, but have found
2
4804
by: =?Utf-8?B?bXVyYWRqYW1lcw==?= | last post by:
I have a service running on my PC. I want to set the service's PriorityClass to BelowNormal. I use the following code: Process process = GetServiceProcess(); // How can I get the user's token (Local System) from the process, or wherever? using (WindowsImpersonationContext user = WindowsIdentity.Impersonate(userToken))
0
11100
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
10718
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
10816
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
10401
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
1
7953
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
5977
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
4597
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
4196
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
3
3225
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.