2nd opinion? - Windows service app development

  • Thread starter Thread starter B. Chernick
  • Start date Start date
B

B. Chernick

I have not touched a Windows Service app since my MCAD certs (about 5 years
ago...) I've just been assigned to write a quickie app. I could use a 2nd
opinion here.

The app is to be written in Dot Net 2.0 (VB). Probably all it will do is
monitor a directory (at intervals controled by a timer), do some stuff with
text files, and ftp text files to an ftp. I believe I've successfully tested
most of the techniques I'll be using but I was wondering about the status of
the ServiceProcessInstaller's Account setting. 'LocalSystem' seems to works
fine. "LocalService' works fine as well, if I give 'Local Service' full
access to the directory.

So I suppose my question is, given the above, should I prefer using
"LocalSystem" or "LocalService"? (Are there any 'gotchas' with either in a
situation like this?)
 
I would say you'd be better off running under the account of least
privelege, as long as your service will still work. Is there any reason
you'd need LocalSystem privs (i.e. higher even than an administrator)?

I would configure a custom action in the installer so that it automatically
grants LocalService access to the directory it watches, and run it under
that. Search the MS webby for a description of the privs granted to
LocalService also, you might find there's something in there that's too
restrictive, but I doubt it.

There are very few apps these days that genuinely need Admin privs to run,
let alone anything higher, but your best option is to research and find out
exactly what you need.

-Alex
 
What Steve just said about FTP'ing reminded me of something - I'm not sure
that LocalService gets external network access, whereas "NETWORK SERVICE"
should. Other than that, like I said before, investigate the privs
associated with all 3 accounts to see which is best for you.

-Alex
 
?? Well so far it seems to work with LocalService. I do have to add a
credential object.

Dim uploadRequest As FtpWebRequest = WebRequest.Create(uploadUrl)
Dim cred As NetworkCredential = uploadRequest.Credentials
cred.UserName = "myUserName"
cred.Password = "myPassword"
 
Thanks. Interesting concepts. When you say 'custom action in the
installer', are you refering to the ServiceInstaller or the
ServiceProcessInstaller? (I need to do more reading about those two.)

Also, is it possible under these conditions to somehow generate a popup
input window during installation? (Given that a Windows Service itself
cannot directly generate a form.) I've got to give configuration control
some thought because userid, password, and directory to monitor will probably
all have to be set at install time. (And made available for edit later.)
 
You can create a Setup project which handles installation of your service,
and add a custom action to the Setup project which includes giving the user
the option of configuration. This doesn't break the service guidelines as
the installer isn't actually running the service, it's just installing it,
therefore it's fine to have a GUI.

In terms of users editing that config info at a later date, you'd need a
separate exe to allow them to do that; one which is a standard
winforms/console app and not a service.

Regarding your other email, it sounds like LocalService will work out for
you in that case? I'm a little surprised that LocalService is giving you
network access, but if it works then cool :-)
 
Back
Top