PDA

Click to See Complete Forum and Search --> : WinXP service : security/permissions question

ctsinger
February 19th, 2003, 08:44 AM
Hi,
I have written a windows service. It has several jobs, one of which is VERY simple : create a directory on a mapped network drive.
This service has been around for several months, running on Win2000. It runs fine on Win2000.
I am now migrating to WinXP (Pro). The service is unable to create the directory on the same network drive that Win2000 clients are able to.
By default, I have the service "log on" as LocalSystem.
As part of my experimentation, I have found that simply running the service as an .exe as user Administrator, it works just fine. However, if I tell the service to "log on" as Administrator (w/correct password), it will not create the directory!
I am assuming that some default permissions are different in the WinXP security model, but I am at a loss to figure out which is blocking me.
Any suggestions would be appreciated!
Thanks,
Charlie
Kdr Kane
February 19th, 2003, 10:23 AM
Security has been tightened up a bit on XP.

Your problem is not the security on the XP machine. It's the mapped drive.

The user account you're running in interactive mode has permission to create directories on the mapped drive. The local administrator and local system accounts do not have permission to create directories on the mapped drive.

In your service, use the account and password of a remote account that has permission to create directories on the destination drive.
ctsinger
February 20th, 2003, 03:35 PM
Thanks for the suggestion.
Still - I am puzzled. I have enabled probably more permissions on the network drive than I would like, yet the service is still unabled to access it.
When I run the service as an executable, I am running as user "Administrator".
When I run the service as a service, I tell it to "log on" as ".\Administrator".
I was unable to specify the user in the form "RemoteComputerName\Administrator" - the OS told me that the combination of user/password was incorrect (it was correct).
Also, in my reading of XP security, it would seem that the default LocalSystem that the service originally had should have access to the network drive.

I should add at this point that my systems are not on a domain, just a workgroup.

More suggestions are welcome!
Thanks,
Charlie
ctsinger
March 13th, 2003, 04:13 PM
The problem had nothing to do with permissions!
The problem is that WinXP does not share drive mappings among different logons. So a mapped drive created by user X is not visible to the services. See
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/services_and_redirected_drives.asp
for more info.

I ended up mapping the drives using WNetAddConnection2() in my service, and now it's happy (and so am I!!).