Windows service accessing the network

[Guest]

I need to write a windows service, and the only way it can access a shared
drive on a file server on the network is if the installer is put in "User"
mode - "LocalService", "LocalSystem" and "NetworkService" don't work. i.e. it
can't access the shared drive. But in "User" it can.
But I don't want it in user mode, if possible. I would rather it be a
service. Is there any way to do it?

 

[Nicholas Paldino [.NET/C# MVP]]

Bonj,

You don't have to have it be in "user" mode, but rather, have the
service run as a user which can access the network drive. You can restrict
the other rights of that account easily.

You should also be able to have it run as NetworkService, and then set
the permissions on the share to allow NETWORK access to it.

Hope this helps.

 

[Guest]

You don't have to have it be in "user" mode, but rather, have the

service run as a user which can access the network drive. You can restrict
the other rights of that account easily.

When I say "User" mode, what I mean is the service when the Account property
of the service process installer set to "User". I'd rather avoid this if
possible, but am not that fussed.

You should also be able to have it run as NetworkService, and then set
the permissions on the share to allow NETWORK access to it.

This would obviously be the optimal solution, but unfortunately I don't have
control over the network share.

Hope this helps.


--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

I need to write a windows service, and the only way it can access a shared
drive on a file server on the network is if the installer is put in "User"
mode - "LocalService", "LocalSystem" and "NetworkService" don't work. i.e.
it
can't access the shared drive. But in "User" it can.
But I don't want it in user mode, if possible. I would rather it be a
service. Is there any way to do it?

 

[Willy Denoyette [MVP]]

This is not correct, NETWORK is a SID placed in a token that grants access
to the network services(the windows server and/or windows client service),
NOT to the resources like shares pipes etc. A token that has no NETWORK Sid
can't access the network.

NetworkService and LocalSystem are using "machine account" credentials to
access network resources, as such, you need a W2K/W2K3 AD domain realm for
this to work (machine accounts are regular "domain user" accounts in AD).
LocalService uses "anonymous" credentials to access network resources.
Depending on the service account type you have to set the ACL to grant the
required access right for the "machine" or "anonymous logon" account.

Willy.

Bonj,

You don't have to have it be in "user" mode, but rather, have the
service run as a user which can access the network drive. You can
restrict the other rights of that account easily.

You should also be able to have it run as NetworkService, and then set
the permissions on the share to allow NETWORK access to it.

Hope this helps.


--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

I need to write a windows service, and the only way it can access a shared
drive on a file server on the network is if the installer is put in
"User"
mode - "LocalService", "LocalSystem" and "NetworkService" don't work.
i.e. it
can't access the shared drive. But in "User" it can.
But I don't want it in user mode, if possible. I would rather it be a
service. Is there any way to do it?