Windows Service System Account Permissions

[Daniel]

My windows service runs under the system account but the system account
can't see a domain on the LAN. Is there some sort of permissions that have
to be set for the system account to see the domain on the lan? my user
account when i log onto my own machine can see it but my serivce that runs
in system account can not.

 

[John M Deal]

The system account is just that, an account that has access to the
system, not the network. You'll need to change the identity that the
service is running under in order to give it access to the network
resource. If at all possible you'll want to run the service under a
different account anyway so that you can control the privileges on the
local machine so it doesn't inadvertently do anything it shouldn't
(principle of least privilege and all that).

Have A Better One!

John M Deal, MCP
Necessity Software

 

[Jay B. Harlow [MVP - Outlook]]

Daniel,
In addition to the other comments.

Consider running under the Network Service Account (an account specifically
for services that need network access) or creating a specific account to run
the service under. I normally create specific accounts, as that allows
setting up SQL Server or Exchange Server access...


Keith Brown's book "The .NET Developer's Guide to Windows Security" from
Addison Wesley has information on which account a service should run under &
why. For info on the book (and an on-line version) see:

http://www.pluralsight.com/keith/book/html/book.html

Keith's book goes into details on the principle of least privilege.

Hope this helps
Jay