472,791 Members | 1,456 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 472,791 software developers and data experts.

Windows 2003 Service

cd
Is there a specific process or permissions that must be granted to get a .NET
(framework 1.4) Window Service to run properly on a Windows 2003 Server?

I built a Windows Service to start two local programs (Putty and Pageant)
located on a Win 2003 Server. The service installs but doesn't start the
Putty / Pageant programs properly when using any user ID except my own. Why
will it work with my User ID? I install the Windows Service on a Win 2000
machine and the service works fine with the local administrator account I
setup. I set the same user on the Win 2003 Server and the service doesn't
start the programs prooperly. I know there are a bunch of variables between
the 2 operating systems and progams. Most of what I have found is Win 2003
needs permissions granted to certain functions and no longer grants them out
of the box. I'm trying to find out what those permissions are and the
differences.

thank you,
--
Christopher
Jul 21 '05 #1
2 2482
Hi Chis,

First of all, I would like to confirm my understanding of your issue. From
your description, I understand that you are having problem to start a
windows service on Windows 2003 server. If there is any misunderstanding,
please feel free to let me know.

There is some minor difference on the LocalSystem Account of Windows 2000
and Windows 2003. Windows 2000 LocalSystem account doesn't have SE_TCB_NAME
privilege. In Windows 2000, the process calling LogonUser requires the
SE_TCB_NAME privilege. If the calling process does not have this privilege,
LogonUser fails and GetLastError returns ERROR_PRIVILEGE_NOT_HELD.

However, I think if you try to use an administrator account the start the
server, the above privilege doesn't matter. If it doesn't start, is there
any error messages?

Kevin Yu
=======
"This posting is provided "AS IS" with no warranties, and confers no
rights."

Jul 21 '05 #2
"cd" <No****@noemail.nospam> wrote:
Is there a specific process or permissions that must be granted to get a .NET
(framework 1.4) Window Service to run properly on a Windows 2003 Server?

I built a Windows Service to start two local programs (Putty and Pageant)
located on a Win 2003 Server. The service installs but doesn't start the
Putty / Pageant programs properly when using any user ID except my own. Why
will it work with my User ID? I install the Windows Service on a Win 2000
machine and the service works fine with the local administrator account I
setup. I set the same user on the Win 2003 Server and the service doesn't
start the programs prooperly. I know there are a bunch of variables between
the 2 operating systems and progams. Most of what I have found is Win 2003
needs permissions granted to certain functions and no longer grants them out
of the box. I'm trying to find out what those permissions are and the
differences.

thank you,


Your best bet is to create an special account for your
service and the programs it spawns. You really shouldn't be
running a service with the administrators account.

- Enable security auditing on the machine.

- Create a special (unprivileged) account for your service.

- Test the programs that the service spawns under that
account. Security auditing should indicate the missing
privileges. Add each privilege in turn.

- Not all problems are related to privileges, sometimes its
an issue with the Discretionary Access Control Lists (DACL,
or sometimes even just ACL). For that you'll have to get and
install FileMon (for file accesses) and RegMon (for registry
accesses) - that should help you identify the problem
file(s) and registry entries.

- Once your programs run fine set the service up to use that
account. Depending on "how" you do things in your service
you may need to add further privileges of tweak some more
File/Registry ACLs.

- Once you got everything running, shutdown FileMon, RegMon
and disable Security Auditing (or set it to a more suitable
configuration). DOCUMENT the privileges and ACL changes
needed to make it work for the next administrator to come
along.

- In the future develop under an account that is set up
according to the least privilege principle - that way you
will be alerted early to any problems that third party
components or your own code is causing.

How To Enable and Apply Security Auditing in Windows 2000
http://support.microsoft.com/default...b;en-us;300549
(Shouldn't be too different for 2003)

Filemon
http://www.sysinternals.com/ntw2k/source/filemon.shtml

RegMon
http://www.sysinternals.com/ntw2k/source/regmon.shtml

Defend Your Code with Top Ten Security Tips Every Developer
Must Know
http://msdn.microsoft.com/msdnmag/is...s/default.aspx

Developing Software in Visual Studio .NET with
Non-Administrative Privileges
http://msdn.microsoft.com/library/de...privileges.asp

Secure Coding Practices: Running with Least Privileges in
Windows
http://www.codeproject.com/tips/runas.asp

How To: Secure Your Developer Workstation
http://msdn.microsoft.com/security/s...htworkstat.asp

The Challenge of Least Privilege
http://msdn.microsoft.com/library/de...re06112002.asp
Jul 21 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
by: Eric Chong | last post by:
I created a Windows Service in C# that requires to get passed command arguments like a Console App. I noticed that there is an option "Start parameters" text box in the property of a Windows...
3
by: Harry Simpson | last post by:
Windows Server 2003 is supposed to include Framework 1.1 right. I don't have it here but have reports that the web is not running. The users say that the %COMPUTERNAME%\ASPNET user doesn't exist....
5
by: pberna | last post by:
Dear all, I built a Web Form application to start and stop a Windows Service remotely. I successful tested the application on Windows 2000 server + IIS. I must include the ASPNET user to the...
7
by: lvpaul | last post by:
Hallo ! I am using IIS-Windows-Authentication in my intranet (web.config <authentication mode="Windows" /> <identity impersonate="true" /> How can I get the users (client) IP-Address ? I...
10
by: Ger | last post by:
I am having problems using VB.Net's Management base object on a machine hosting Windows Server 2003. I am trying to set file permissions from a Windows Service. These files may be loacted on a...
2
by: cd | last post by:
Is there a specific process or permissions that must be granted to get a .NET (framework 1.4) Window Service to run properly on a Windows 2003 Server? I built a Windows Service to start two local...
0
by: Charles Leonard | last post by:
I am having yet another issue with Windows Server 2003. This time, the web service (a file import web service) appears to run except for one odd message: "ActiveX component can't create object". ...
4
by: Lenny Shprekher | last post by:
Hi, I have long time ago written windows service (VS2002) which is working fine on Windows 2000 server for 4 years. After installing service on Windows 2003 SP1 service crashing every time with...
1
by: Mahesh Devjibhai Dhola | last post by:
Hi, Scenario: The webservice was developed on windows 2000 Pro and deployed previously on windows XP pro for testing. We have tested for many days. The client for that service was 30+ and...
3
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 2 August 2023 starting at 18:00 UK time (6PM UTC+1) and finishing at about 19:15 (7.15PM) The start time is equivalent to 19:00 (7PM) in Central...
0
by: erikbower65 | last post by:
Using CodiumAI's pr-agent is simple and powerful. Follow these steps: 1. Install CodiumAI CLI: Ensure Node.js is installed, then run 'npm install -g codiumai' in the terminal. 2. Connect to...
0
by: erikbower65 | last post by:
Here's a concise step-by-step guide for manually installing IntelliJ IDEA: 1. Download: Visit the official JetBrains website and download the IntelliJ IDEA Community or Ultimate edition based on...
0
by: kcodez | last post by:
As a H5 game development enthusiast, I recently wrote a very interesting little game - Toy Claw ((http://claw.kjeek.com/))。Here I will summarize and share the development experience here, and hope it...
0
by: Taofi | last post by:
I try to insert a new record but the error message says the number of query names and destination fields are not the same This are my field names ID, Budgeted, Actual, Status and Differences ...
14
DJRhino1175
by: DJRhino1175 | last post by:
When I run this code I get an error, its Run-time error# 424 Object required...This is my first attempt at doing something like this. I test the entire code and it worked until I added this - If...
0
by: Rina0 | last post by:
I am looking for a Python code to find the longest common subsequence of two strings. I found this blog post that describes the length of longest common subsequence problem and provides a solution in...
0
by: lllomh | last post by:
Define the method first this.state = { buttonBackgroundColor: 'green', isBlinking: false, // A new status is added to identify whether the button is blinking or not } autoStart=()=>{
0
by: Mushico | last post by:
How to calculate date of retirement from date of birth

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.