By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
435,543 Members | 2,174 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 435,543 IT Pros & Developers. It's quick & easy.

Windows Service System Account Permissions

P: n/a


My windows service runs under the system account but the system account
can't see a domain on the LAN. Is there some sort of permissions that have
to be set for the system account to see the domain on the lan? my user
account when i log onto my own machine can see it but my serivce that runs
in system account can not.

Nov 16 '05 #1
Share this Question
Share on Google+
6 Replies


P: n/a
No, the system is strictly a local account and has no network
permission. One common solution is to run under a domain or local user
account instead.

--
Scott
http://www.OdeToCode.com/blogs/scott/

On Tue, 30 Nov 2004 20:39:40 -0800, "Daniel"
<so*******************@yahoo.com> wrote:


My windows service runs under the system account but the system account
can't see a domain on the LAN. Is there some sort of permissions that have
to be set for the system account to see the domain on the lan? my user
account when i log onto my own machine can see it but my serivce that runs
in system account can not.


Nov 16 '05 #2

P: n/a
You also can't use mapped drives.

"Daniel" wrote:


My windows service runs under the system account but the system account
can't see a domain on the LAN. Is there some sort of permissions that have
to be set for the system account to see the domain on the lan? my user
account when i log onto my own machine can see it but my serivce that runs
in system account can not.

Nov 16 '05 #3

P: n/a
No, your only options are:
1. In your service code, Impersonate another user account with appropriate
privileges to access the remote server.
2. Run your service with the identity of a user account with appropriate
privileges to access the remote server.
3. If your server/desktop is a member of a AD domain (W2K/W2K3), you should
grant access to the remote resource for "machine account".
A service running as localsystem uses the "machine account" token
(domain\machine$) when accessing the network (again, only in an AD!!).

Willy.

"Daniel" <so*******************@yahoo.com> wrote in message
news:eL****************@TK2MSFTNGP15.phx.gbl...


My windows service runs under the system account but the system account
can't see a domain on the LAN. Is there some sort of permissions that have
to be set for the system account to see the domain on the lan? my user
account when i log onto my own machine can see it but my serivce that runs
in system account can not.

Nov 16 '05 #4

P: n/a

"Scott Allen" <bitmask@[nospam].fred.net> wrote in message
news:7t********************************@4ax.com...
No, the system is strictly a local account and has no network
permission. One common solution is to run under a domain or local user
account instead.

Scott,

It has network access privileges when running in an AD domain. see my other
reply for details.

Willy.
Nov 16 '05 #5

P: n/a

"Bonj" <Bo**@discussions.microsoft.com> wrote in message
news:B4**********************************@microsof t.com...
You also can't use mapped drives.


Yes, but you need to map the drive in the SYSTEM logon session, network
sessions are bound to windows logon sessions.
But, unless your server is an AD member, this won't solve the problem as
SYSTEM uses the machine account to access the network..
So you can only map drives as SYSTEM (well as domain\machine$) when running
in an AD realm.
Willy.
Nov 16 '05 #6

P: n/a
Good point, thanks Willy!

--
Scott
http://www.OdeToCode.com/blogs/scott/

On Wed, 1 Dec 2004 17:45:48 +0100, "Willy Denoyette [MVP]"
<wi*************@pandora.be> wrote:

"Scott Allen" <bitmask@[nospam].fred.net> wrote in message
news:7t********************************@4ax.com.. .
No, the system is strictly a local account and has no network
permission. One common solution is to run under a domain or local user
account instead.

Scott,

It has network access privileges when running in an AD domain. see my other
reply for details.

Willy.


Nov 16 '05 #7

This discussion thread is closed

Replies have been disabled for this discussion.