Re: My Service needs to acces the Registry...

From: Serguei (nospam_at_nowhere.no)
Date: 10/16/03 

Date: 16 Oct 2003 10:37:08 -0700

Hello,
By default your service runs under "local system" account,
which has low permissions.
You may configure it to run under different account:
see control panel->Adminiostrative Tools->Services->
Properties->Log On.

If it is not an option, your service may impersonate as
different user just for the time when accessing the registry.

>Also I've seen that I have to define some event-id texts
> for the loggin in the Win2K eventlog.
There are two parts for writing events:
1) You will have to define the message table resource,
and register it as an event source. You may still
write the events into the log without this step,
but the message text
containg your text along with the warning:

"The description for Event ID ( 0 ) in Source ( Application ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event:" YOUR TEXT HERE.
    
2) Call ReportEvent api function.
See also TNTEventLog component:
http://www.online-admin.com/ntset.html#TNTEventLog

Hope this helps,
Serguei

"Alexander Bauer" <Alexander.Bauer@AlBaWare.de> wrote:
>Hi all,
>
>It's my verry first Service I'm trying to write and I have some problems.
>
>The sevice should scan a MS Access DB for some special field values via ADO.
>This is tested in an app and working fine so far.
>
>The problem is:
>I first get the name of the System-DSN out of an INI-File (works fine).
>Now I try to read data from this System-DSN from the Registry.
>Anything is OK but the service seems not to be allowed to access the
>registry - My test-app can read anything fine, so I think it's nothing wrong
>with me reg-access stuff (it's omply copied to the service). Can any one
>tell me what I'd miss?
>
>Also I've seen that I have to define some event-id texts for the loggin in
>the Win2K eventlog.
>How / where to do that?
>
>Thanks in advance.
>
>Regards,
> Alexander Bauer
>
>

Relevant Pages

  • Very long shutdown
    ... On restart there is always the same warning message in the Application Event ... For the services logged on as Local System, all of these are set to Log on ... service was still using the registry during log off. ... This is often caused by services running as a user account, ...
    (microsoft.public.windowsxp.perform_maintain)
  • Re: adware installed as a trusted certificate in registry
    ... Specifies that the service logs on to the local system account, rather than to a user account. ... To specify that the service use the LocalService account, click This account, and then type NT ... > I too also have those characters in the registry. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: registry hacked under XP limited account
    ... >> The thing I want to know is that the registry can be modified ... Running as limited account does VERY LITTLE to stop ... running with administrative rights is a VERY BAD HABIT. ... This tactic will NOT be effective against future malware. ...
    (microsoft.public.security)
  • Re: Local System Account & Network Access
    ... helpful and Roger's suggestion to use local service instead of local system ... account on a domain computer. ... membership but they do have a bearing on what a user/computer has access ... Logon ID: ...
    (microsoft.public.security)
  • RE: Moving user account from NT to Win2k3
    ... I found that there is no "Shared icon" under folder in the tree ... After importing the registry successfully, you may want to restart the ... When creating a new user account, the SID of the account has been ... Microsoft Online Partner Support ...
    (microsoft.public.windows.server.migration)