Jump to content

Access a share mounted in the HKLM\Software\ ...\Run key

Guest ML

By Guest ML
in Windows 2003 Server

 Share

Recommended Posts

Guest ML

Guest ML

Posted
Posted

All,

I would like to setup a Windows 2003 server with a software running as

a service.

The service run under the computer account

The data are on a remote share.

 

I would like the service to access the data on the remote share.

 

- I setup the rights on the remote share.

- If I start a cmd box under the local system account (computername$),

I can mount the remote share and acess data

 

- If I add a entry in the HKLM\SOFTWARE\Microsoft\Windows

\CurrentVersion\Run, I know it mount the drive ( I put a trace), but

when I try to access this drive from a cmd box under the computer

account, the share is not mounted.

 

So : is there a way to mount a drive reachable to all process running

under the computer account ?

The matter is that there is no user session openned on the server

 

I know iSCSI drive could solve my problem, but I prefer a remote share

for many reasons.

 

Thanks

Best regards

ML

  • Replies 10
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Pegasus \(MVP\)

Guest Pegasus \(MVP\)

Posted
Posted

Re: Access a share mounted in the HKLM\Software\ ...\Run key

 

 

"ML" <mldmld@bigfoot.com> wrote in message

news:1194128879.541593.123100@o3g2000hsb.googlegroups.com...

> All,

> I would like to setup a Windows 2003 server with a software running as

> a service.

> The service run under the computer account

> The data are on a remote share.

>

> I would like the service to access the data on the remote share.

>

> - I setup the rights on the remote share.

> - If I start a cmd box under the local system account (computername$),

> I can mount the remote share and acess data

>

> - If I add a entry in the HKLM\SOFTWARE\Microsoft\Windows

> \CurrentVersion\Run, I know it mount the drive ( I put a trace), but

> when I try to access this drive from a cmd box under the computer

> account, the share is not mounted.

>

> So : is there a way to mount a drive reachable to all process running

> under the computer account ?

> The matter is that there is no user session openned on the server

>

> I know iSCSI drive could solve my problem, but I prefer a remote share

> for many reasons.

>

> Thanks

> Best regards

> ML

>

 

Processes running under the System account have no

access rights to remote resources.

Guest Dave Patrick

Guest Dave Patrick

Posted
Posted

Re: Access a share mounted in the HKLM\Software\ ...\Run key

 

Better to use UNC paths as mapped drives won't natively exist. You'll also

want to use a domain account that has access to the network resource. The

system account (NT Authority) has no permissions outside the local machine.

 

 

--

 

Regards,

 

Dave Patrick ....Please no email replies - reply in newsgroup.

Microsoft Certified Professional

Microsoft MVP [Windows]

http://www.microsoft.com/protect

 

"ML" wrote:

> All,

> I would like to setup a Windows 2003 server with a software running as

> a service.

> The service run under the computer account

> The data are on a remote share.

>

> I would like the service to access the data on the remote share.

>

> - I setup the rights on the remote share.

> - If I start a cmd box under the local system account (computername$),

> I can mount the remote share and acess data

>

> - If I add a entry in the HKLM\SOFTWARE\Microsoft\Windows

> \CurrentVersion\Run, I know it mount the drive ( I put a trace), but

> when I try to access this drive from a cmd box under the computer

> account, the share is not mounted.

>

> So : is there a way to mount a drive reachable to all process running

> under the computer account ?

> The matter is that there is no user session openned on the server

>

> I know iSCSI drive could solve my problem, but I prefer a remote share

> for many reasons.

>

> Thanks

> Best regards

> ML

>

Guest ML

Guest ML

Posted
Posted

Re: Access a share mounted in the HKLM\Software\ ...\Run key

 

On 4 nov, 01:56, "Dave Patrick" <DSPatr...@nospam.gmail.com> wrote:

> Better to use UNC paths as mapped drives won't natively exist. You'll also

> want to use a domain account that has access to the network resource. The

> system account (NT Authority) has no permissions outside the local machine.

 

I disagree

Create a service which only start a cmd box and allow it to interact

with desktop.

Start the service

In the cmd box opened by the service, you can try to mount a drive on

a remote share.

The username used is : ComputerName$

So you can give access to a share using this domain account.

 

So no issue with ACLs. I would like to make a network drive available

for all running services.

 

ML

Guest Pegasus \(MVP\)

Guest Pegasus \(MVP\)

Posted
Posted

Re: Access a share mounted in the HKLM\Software\ ...\Run key

 

 

"ML" <mldmld@bigfoot.com> wrote in message

news:1194205918.492212.100550@k79g2000hse.googlegroups.com...

> On 4 nov, 01:56, "Dave Patrick" <DSPatr...@nospam.gmail.com> wrote:

>> Better to use UNC paths as mapped drives won't natively exist. You'll

>> also

>> want to use a domain account that has access to the network resource. The

>> system account (NT Authority) has no permissions outside the local

>> machine.

>

> I disagree

> Create a service which only start a cmd box and allow it to interact

> with desktop.

> Start the service

> In the cmd box opened by the service, you can try to mount a drive on

> a remote share.

> The username used is : ComputerName$

> So you can give access to a share using this domain account.

>

> So no issue with ACLs. I would like to make a network drive available

> for all running services.

>

> ML

 

You might find that a service that interacts with the desktop

adopts the security level of the desktop session. If so then

the answer to your question would be: Modify all services so

that they interact with the desktop. There are probably some

repercussions in doing this.

Guest Dave Patrick

Guest Dave Patrick

Posted
Posted

Re: Access a share mounted in the HKLM\Software\ ...\Run key

 

When you checked "allow interact with desktop" you gave it the current user

permissions.

 

--

 

Regards,

 

Dave Patrick ....Please no email replies - reply in newsgroup.

Microsoft Certified Professional

Microsoft MVP [Windows]

http://www.microsoft.com/protect

 

"ML" wrote:

> I disagree

> Create a service which only start a cmd box and allow it to interact

> with desktop.

> Start the service

> In the cmd box opened by the service, you can try to mount a drive on

> a remote share.

> The username used is : ComputerName$

> So you can give access to a share using this domain account.

>

> So no issue with ACLs. I would like to make a network drive available

> for all running services.

>

> ML

>

Guest ML

Guest ML

Posted
Posted

Re: Access a share mounted in the HKLM\Software\ ...\Run key

 

I disagree.

 

When I start such a service, the context is the local user account. I

can't see my user (personnal) shares in the cmd box.

If I activate the login trace on the files server , I see the

computeraccount$ name as userID login when I net use in the cmd box.

 

This only works with Kerberos authentification. In Windows NT 4 mode,

it does not work.

 

Anyway, my question is to mount a drive letter available to all local

system services in order to install softwares on a share, not on local

disks or iscsi luns.

Thanks

 

ML

Guest Dave Patrick

Guest Dave Patrick

Posted
Posted

Re: Access a share mounted in the HKLM\Software\ ...\Run key

 

I'm sorry but you're wrong.

 

http://support.microsoft.com/kb/120929

http://technet.microsoft.com/en-us/library/bb680595.aspx

 

You'll be better off using UNC paths as opposed to mapped drives.

 

 

--

 

Regards,

 

Dave Patrick ....Please no email replies - reply in newsgroup.

Microsoft Certified Professional

Microsoft MVP [Windows]

http://www.microsoft.com/protect

 

"ML" wrote:

>I disagree.

>

> When I start such a service, the context is the local user account. I

> can't see my user (personnal) shares in the cmd box.

> If I activate the login trace on the files server , I see the

> computeraccount$ name as userID login when I net use in the cmd box.

>

> This only works with Kerberos authentification. In Windows NT 4 mode,

> it does not work.

>

> Anyway, my question is to mount a drive letter available to all local

> system services in order to install softwares on a share, not on local

> disks or iscsi luns.

> Thanks

>

> ML

>

Guest ML

Guest ML

Posted
Posted

Re: Access a share mounted in the HKLM\Software\ ...\Run key

 

Hi,

 

"The Local System account does not have any rights to access the

network. When network access is necessary, Local System uses the

account Domain\computername$."

 

Ok, you learnt me that the local system impersonate to computername$.

 

Anyway, I will use a GPO to do want I need.

Thanks

ML

Guest Dave Patrick

Guest Dave Patrick

Posted
Posted

Re: Access a share mounted in the HKLM\Software\ ...\Run key

 

You're welcome.

 

--

 

Regards,

 

Dave Patrick ....Please no email replies - reply in newsgroup.

Microsoft Certified Professional

Microsoft MVP [Windows]

http://www.microsoft.com/protect

 

"ML" wrote:

> Hi,

>

> "The Local System account does not have any rights to access the

> network. When network access is necessary, Local System uses the

> account Domain\computername$."

>

> Ok, you learnt me that the local system impersonate to computername$.

>

> Anyway, I will use a GPO to do want I need.

> Thanks

> ML

>

 Share
Go to topic listing
×
×
  • Create New...