Search This Blog

2014-11-26

Windows Startup Services

Windows services are generally run using a specific user called a "Local System" user which has permissions to the entire system.

Since then, Windows has created some new service accounts for tasks to reduce the control of some services over the system. These accounts are called "Local Service" and "Network Service". The purpose of each account described here: http://windowsitpro.com/systems-management/determining-which-service-logon-account-use

Most services are started with the "Local System" account which gives the most permissions to each application to run on the system and Network Service and Local Service are intended to give less permissions and less control to each service.

Sometimes it may be beneficial to even create a local service account and manually restrict permissions to a specific portion of the system for security reasons but this can end up being challenging to manage for password policy and similar auditing capabilities.

In newer version of windows for example non-domain accounts do not have access to network shares so to work around these kinds of issues UNC path is beneficial to use as demonstrated here: http://stackoverflow.com/questions/3622089/windows-service-cant-access-network-share AND http://superuser.com/questions/650025/how-to-access-mapped-directory-from-a-windows-service

References:
http://cygwin.wikia.com/wiki/Cygrunsrv

No comments:

Post a Comment