Service won't start as a non-Power User account

G

Guest

I posted this to microsoft.public.dotnet.general then I saw posts about
services on this newsgroup. So, sorry for the independent cross-posting.

This might not be the best place to post this, but it looked the best from
what I saw.

I have a .NET service that is installed on an XP SP 2 machine by a user with
admin privileges. The setup asks the user for a domain account to use run
the service as. If the domain account the user provides is not at least a
Power User on the machine, the service will not start. Is this a Windows
policy?

The error I get is "Error 1053: The service did not respond to the start or
control request in a timely fashion." It is not that the service times out.
It just doesn't run. Even adding the domain user to the local machine's "Log
on as a service" Users Rights didn't help.

I put some trace statements in the services constructor, and they only get
written to a log file if the domain user is at least in the Power Users
group. So that tells me that the service isn't even being started when the
user is not a PU or Admin.

Tim
 
N

Nicholas Paldino [.NET/C# MVP]

Tim,

Well, what does your service do? It's possible that whatever it is, the
user that the service runs under doesn't have rights to do it. This in turn
causes an exception, and your service doesn't start.
 
T

TerryFei

Hi Tim,
Welcome to MSDN Newsgroup!

I have the same opinion with Nicholas . If your service requires specific
permission to complete some tasks(for example: access registry, connect to
network and so on),then the service needs to run under the account that has
relevant privilege. So in this scenario, I suggest you confirm what
privileges your service needs.

I hope the above information is useful for you. If you have any questions
or concerns, please feel free to let me know. :)

Best Regards,

Terry Fei[MSFT]
Microsoft Community Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 
G

Guest

Thanks Nicholas and Terry for the replies.

My service uses remoting to communicate with another service on another
machine and it accesses files on shares. In its constructor, it creates its
own event log if it doesn't exist and it messes with the registry. Ok, ok.
So I am doing all kinds of admin stuff - I will move that code to the setup
because the setup requires admin privileges.

However, I still don't see why my service's constructor isn't even called
unless its user account is at least a PU. Since I put trace statements as
the first thing in the constructor, I at least expected to see them written
to the log file before any privilege-offending code was executed no matter
what user account I used. I don't think the .NET framework "examines" my
service for possible privilege violations before it even decides to create
it. That's why I am thinking it is a local policy issue.

Tim
 
W

Willy Denoyette [MVP]

Tim Werth said:
Thanks Nicholas and Terry for the replies.

My service uses remoting to communicate with another service on another
machine and it accesses files on shares. In its constructor, it creates
its
own event log if it doesn't exist and it messes with the registry. Ok,
ok.
So I am doing all kinds of admin stuff - I will move that code to the
setup
because the setup requires admin privileges.

However, I still don't see why my service's constructor isn't even called
unless its user account is at least a PU. Since I put trace statements as
the first thing in the constructor, I at least expected to see them
written
to the log file before any privilege-offending code was executed no matter
what user account I used. I don't think the .NET framework "examines" my
service for possible privilege violations before it even decides to create
it. That's why I am thinking it is a local policy issue.

Tim
Click to expand...

Are you sure the non PU user has appropriate privileges to write to the log
file (whatever that may be)?

Willy.
 
G

Guest

That's it! Thanks, Willy! When I logged into the computer as the < PU user,
he couldn't write to folder where I was writing the log file. So, the
combination of the two problems - 1) file permissions and 2) doing admin
calls as a user without admin privileges - made it look like the service was
not starting up at all.

I'll move my admin calls to the setup and write the log to a place where
everyone can write to and that should fix me up.

Thanks a lot guys,
Tim
 
T

TerryFei

Hi Tim,

Thanks very much for the update. I am glad to know that the problem is
resolved now.

Best Regards,

Terry Fei[MSFT]
Microsoft Community Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Service won't start as non-Power User 4
Windows Service unable to start at sytem restart! 9
Windows service not starting 2
Windows Service - ExceptionHandling after error in OnStart()-method 1
Running service under the account: User 1
Best Practice: Windows service monitoring 1
Error 1053: The service did not respond to the start or control request in a timely fashion 1
Local Group that will allow a windows service to start? 1

Top