Guest ML
Posted November 3, 2007

All,
I would like to set up a Windows 2003 server with software running as a service.
The service runs under the computer account.
The data are on a remote share.

I would like the service to access the data on the remote share.

- I set up the rights on the remote share.
- If I start a cmd box under the local system account (computername$), I can mount the remote share and access data.
- If I add an entry in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, I know it mounts the drive (I put a trace), but when I try to access this drive from a cmd box under the computer account, the share is not mounted.

So: is there a way to mount a drive reachable by all processes running under the computer account?
The matter is that there is no user session opened on the server.

I know an iSCSI drive could solve my problem, but I prefer a remote share for many reasons.

Thanks
Best regards
ML

Guest Pegasus (MVP)
Posted November 3, 2007

Re: Access a share mounted in the HKLM\Software\ ...\Run key

"ML" <mldmld@bigfoot.com> wrote in message news:1194128879.541593.123100@o3g2000hsb.googlegroups.com...
> All,
> I would like to set up a Windows 2003 server with software running as a service.
> The service runs under the computer account.
> The data are on a remote share.
>
> I would like the service to access the data on the remote share.
>
> - I set up the rights on the remote share.
> - If I start a cmd box under the local system account (computername$), I can mount the remote share and access data.
> - If I add an entry in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, I know it mounts the drive (I put a trace), but when I try to access this drive from a cmd box under the computer account, the share is not mounted.
>
> So: is there a way to mount a drive reachable by all processes running under the computer account?
> The matter is that there is no user session opened on the server.
>
> I know an iSCSI drive could solve my problem, but I prefer a remote share for many reasons.
>
> Thanks
> Best regards
> ML

Processes running under the System account have no access rights to remote resources.

Guest Dave Patrick
Posted November 4, 2007

Re: Access a share mounted in the HKLM\Software\ ...\Run key

Better to use UNC paths as mapped drives won't natively exist. You'll also want to use a domain account that has access to the network resource. The system account (NT Authority) has no permissions outside the local machine.

--
Regards,
Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

"ML" wrote:
> All,
> I would like to set up a Windows 2003 server with software running as a service.
> The service runs under the computer account.
> The data are on a remote share.
>
> I would like the service to access the data on the remote share.
>
> - I set up the rights on the remote share.
> - If I start a cmd box under the local system account (computername$), I can mount the remote share and access data.
> - If I add an entry in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, I know it mounts the drive (I put a trace), but when I try to access this drive from a cmd box under the computer account, the share is not mounted.
>
> So: is there a way to mount a drive reachable by all processes running under the computer account?
> The matter is that there is no user session opened on the server.
>
> I know an iSCSI drive could solve my problem, but I prefer a remote share for many reasons.
>
> Thanks
> Best regards
> ML

Guest ML
Posted November 4, 2007

Re: Access a share mounted in the HKLM\Software\ ...\Run key

On 4 nov, 01:56, "Dave Patrick" <DSPatr...@nospam.gmail.com> wrote:
> Better to use UNC paths as mapped drives won't natively exist. You'll also want to use a domain account that has access to the network resource. The system account (NT Authority) has no permissions outside the local machine.

I disagree.
Create a service which only starts a cmd box and allow it to interact with the desktop.
Start the service.
In the cmd box opened by the service, you can try to mount a drive on a remote share.
The username used is: ComputerName$
So you can give access to a share using this domain account.

So no issue with ACLs. I would like to make a network drive available for all running services.

ML

Guest Pegasus (MVP)
Posted November 4, 2007

Re: Access a share mounted in the HKLM\Software\ ...\Run key

"ML" <mldmld@bigfoot.com> wrote in message news:1194205918.492212.100550@k79g2000hse.googlegroups.com...
> On 4 nov, 01:56, "Dave Patrick" <DSPatr...@nospam.gmail.com> wrote:
>> Better to use UNC paths as mapped drives won't natively exist. You'll also want to use a domain account that has access to the network resource. The system account (NT Authority) has no permissions outside the local machine.
>
> I disagree.
> Create a service which only starts a cmd box and allow it to interact with the desktop.
> Start the service.
> In the cmd box opened by the service, you can try to mount a drive on a remote share.
> The username used is: ComputerName$
> So you can give access to a share using this domain account.
>
> So no issue with ACLs. I would like to make a network drive available for all running services.
>
> ML

You might find that a service that interacts with the desktop adopts the security level of the desktop session. If so then the answer to your question would be: Modify all services so that they interact with the desktop. There are probably some repercussions in doing this.

Guest Dave Patrick
Posted November 4, 2007

Re: Access a share mounted in the HKLM\Software\ ...\Run key

When you checked "allow interact with desktop" you gave it the current user permissions.

--
Regards,
Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

"ML" wrote:
> I disagree.
> Create a service which only starts a cmd box and allow it to interact with the desktop.
> Start the service.
> In the cmd box opened by the service, you can try to mount a drive on a remote share.
> The username used is: ComputerName$
> So you can give access to a share using this domain account.
>
> So no issue with ACLs. I would like to make a network drive available for all running services.
>
> ML

Guest ML
Posted November 4, 2007

Re: Access a share mounted in the HKLM\Software\ ...\Run key

I disagree.

When I start such a service, the context is the local user account. I can't see my user (personal) shares in the cmd box.
If I activate the login trace on the file server, I see the computeraccount$ name as userID login when I net use in the cmd box.

This only works with Kerberos authentication. In Windows NT 4 mode, it does not work.

Anyway, my question is to mount a drive letter available to all local system services in order to install software on a share, not on local disks or iSCSI LUNs.

Thanks
ML

Guest Dave Patrick
Posted November 4, 2007

Re: Access a share mounted in the HKLM\Software\ ...\Run key

I'm sorry but you're wrong.

http://support.microsoft.com/kb/120929
http://technet.microsoft.com/en-us/library/bb680595.aspx

You'll be better off using UNC paths as opposed to mapped drives.

--
Regards,
Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

"ML" wrote:
> I disagree.
>
> When I start such a service, the context is the local user account. I can't see my user (personal) shares in the cmd box.
> If I activate the login trace on the file server, I see the computeraccount$ name as userID login when I net use in the cmd box.
>
> This only works with Kerberos authentication. In Windows NT 4 mode, it does not work.
>
> Anyway, my question is to mount a drive letter available to all local system services in order to install software on a share, not on local disks or iSCSI LUNs.
>
> Thanks
> ML

Guest Dave Patrick
Posted November 4, 2007

Re: Access a share mounted in the HKLM\Software\ ...\Run key

If you must, then give this a go.

http://support.microsoft.com/kb/q243486/

--
Regards,
Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

Guest ML
Posted November 7, 2007

Re: Access a share mounted in the HKLM\Software\ ...\Run key

Hi,

"The Local System account does not have any rights to access the network. When network access is necessary, Local System uses the account Domain\computername$."

OK, you taught me that the local system impersonates computername$.

Anyway, I will use a GPO to do what I need.

Thanks
ML

Guest Dave Patrick
Posted November 8, 2007

Re: Access a share mounted in the HKLM\Software\ ...\Run key

You're welcome.

--
Regards,
Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

"ML" wrote:
> Hi,
>
> "The Local System account does not have any rights to access the network. When network access is necessary, Local System uses the account Domain\computername$."
>
> OK, you taught me that the local system impersonates computername$.
>
> Anyway, I will use a GPO to do what I need.
> Thanks
> ML

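The KB text quoted in the thread says Local System uses Domain\computername$ when network access is necessary. As an added example (not from any poster in this thread), the PowerShell below lists running services with the identity each presents to a file server, then shows which computer accounts hold NTFS rights on a share root. It assumes a current Windows host with PowerShell 3.0 or later; `\\fileserver.example\data` is a placeholder path, and the NetworkService and LocalService mappings are standard Windows behaviour rather than something stated in the thread.

```powershell
# Added example; $SharePath is a constructed placeholder, not a value from the thread.
$SharePath = '\\fileserver.example\data'

# Work out the computer account name once. A workgroup machine has none.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
$machine = 'none (not domain-joined)'
if ($cs.PartOfDomain) { $machine = '{0}\{1}$' -f $cs.Domain, $cs.Name }

function Get-ServiceNetworkIdentity {
    param([string]$StartName, [string]$MachineAccount)
    switch -Regex ($StartName) {
        # LocalSystem and NetworkService authenticate remotely as the computer account.
        '^(LocalSystem|NT AUTHORITY\\(SYSTEM|NetworkService))$' { return $MachineAccount }
        # LocalService presents anonymous credentials on the network.
        '^NT AUTHORITY\\LocalService$' { return 'anonymous' }
        # Some services report no StartName at all.
        '^$'    { return 'unknown' }
        # Anything else is a named local or domain account.
        default { return $StartName }
    }
}

# Running services and the identity a remote file server would see for each.
Get-CimInstance -ClassName Win32_Service -Filter "State='Running'" |
    Select-Object Name, StartName,
        @{ Name = 'NetworkIdentity'
           Expression = { Get-ServiceNetworkIdentity $_.StartName $machine } } |
    Sort-Object NetworkIdentity, Name |
    Format-Table -AutoSize

# NTFS entries on the share root held by computer accounts (names ending in '$').
(Get-Acl -Path $SharePath).Access |
    Where-Object { $_.IdentityReference.Value -like '*$' } |
    Select-Object IdentityReference, FileSystemRights, AccessControlType
```

Every service in the first table that maps to the computer account gains whatever the second query shows for that account, which is the argument for a dedicated domain service account with rights limited to the one share.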