Windows Server 2003 SYSTEM Account

S

Simon Hart

Hi,

I have written a Windows Service component in C# which manages processes on
the server. The code is required to terminate these processes when they
timeout. The Windows Service runs under the SYSTEM account. I check in code
whether the user belongs to the Administrators group using the
WindowsPrinciple class which it does. When it comes to terminating the
processes using the Process class, I am not able to terminate the processes.
If I restart the service to run under the local Administrator's account, I
am able to terminate the processes? It doesn't really make any sense as both
users are part of the Administrators group.

Windows Server 2003 runs SP1, .NET 1.1.
Any ideas?
Cheers
Simon.
 
S

Simon Hart

Update:

It turns out this is happening on one Windows 2003 Server machine.

I have tested this on my Virtual PC and it works!?!

Regards
Simon.
 
W

Willy Denoyette [MVP]

| Hi,
|
| I have written a Windows Service component in C# which manages processes
on
| the server. The code is required to terminate these processes when they
| timeout. The Windows Service runs under the SYSTEM account. I check in
code
| whether the user belongs to the Administrators group using the
| WindowsPrinciple class which it does. When it comes to terminating the
| processes using the Process class, I am not able to terminate the
processes.
| If I restart the service to run under the local Administrator's account, I
| am able to terminate the processes? It doesn't really make any sense as
both
| users are part of the Administrators group.
|
| Windows Server 2003 runs SP1, .NET 1.1.
| Any ideas?
| Cheers
| Simon.
|
|

SYSTEM is a pseudo account, it doesn't really exists in the account
database, so considering it a member of Administrators is not correct.
In order to be able to kill another process, the caller needs the
"SeDebugPrivilege", "Administrators" do have this privilege by default. So
if you wan't to be able to kill other processes, you have to add SYSTEM to
the "Debug programs" entry in Local Security Settings - Local Policies -
User Rights Assignment, or you have to enable this privilege from code
(through PInvoke).

Willy.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Anyone know how to start a process with low integrity from a process with higher integrity? 0
Monitoring System Errors 2
[.NET 2.0] Process / ProcessStartInfo with specified account 3
Running service under the account: User 1
bringing up processes on "slave" computers through windows service in c# 5
queued components and network service account..... 2
Error handling in Windows Service 9
Service never starts only on Windows 2000 Server 1

Top