I'm writing a windows service that must to write log files in a remote server, which is part of my network via secure VPN connection (P2P), so i can write log files in a directory (like "\10.10.10.10\MylogFolder\log.txt") via Console Application, that I use to test my business classes.
Via Console App, it works correctly but when I try to inject the business class to the service, it doesn't work...
I believe that it's a Installation/Privilege issue, I've already put my WinService to install using LocalSystem privileges but it didn't work as well.
Can you help me?
Thanks in advance!
LocalSystem is a very limited account for network access.
You'll need to set the service account to be something that has the required privileges on the remote machine.
Related
I have a server with a bunch of installers on it. However my program stops when I attempt to initiate connection to the server.
Process.Start(#"\\{Server ip}\Software_Depot\Installers_Master\Snagit\v2019\snagit.exe");
What I'm trying to do here is initiate the installation of snagit.exe from our server.
Check the permissions of the elevated user that’s being used. If it’s a local admin account, it might not have permissions to the network share.
You could either add a “net use .... domain-user password” or use a domain account to launch your .net app.
Goal:
I periodically upload new .exe file to windows server 2003 via FTP and I want to run it manually by hitting Url of a web site on same server. Exe needs to be run under an Admin account, and not the NETWORK SERVICE account.
What I achieved so far:
I have been able to successfully run applications like notepad under the Admin account on the server via a web request by using any of these:
PsExec,
.net process.Start() with credentials supplied to process.StartInfo and even
by impersonating admin and then using process.Start without credentials (http://www.f4cio.com/programmatically-impersonate-in-csharp)
The problem:
The above methods run my exe but Task Manager, or a call to System.Security.Principal.WindowsIdentity.GetCurrent().Name shows me that it is running under NETWORK SERVICE.
I suspect that this file has added security constraints because it arrived from ftp link. Checking run-as-administrator in properties of file is not an option because file will be replaced periodically and all needs to be automated. Also manual server configuration should be minimal or ideally non-existent. Code-only single-web-page solution is ideal. Editing both that asp.net web page and exe is ok. (I tried something with exe self-restarting).
Not sure about this, but I suspect this has to do with you website running under the NETWORK SERVICE user. Whatever privileges your website-user has, the same are probably granted / passed on as you try to run your executable.
Is this server on an internal network or protected in some other way? (I should hope so!). If so, you might try changing App Pool that the website is running under to an admin account (in IIS, right click the App Pool running the site, select Advanced Settings, and look for the Identity setting). If I'm right, that will allow you to run your executable as an admin too.
Be aware however, that this may increase the security risk of your setup: Allowing your site to run under an admin account means easier access to your entire server if anyone is able to penetrate whatever security measures you have in place. Make sure access to this server is tightly limited, and preferably, that it in turn does not have access to other systems, since that would in turn make them vulnerable by extension.
I have developed a TCP Server. I want my TCP server to be running even when I log off my machine. So clients can connect to it even when my computer is logged off. I was thinking if I must create a Windows Service to implement this approach, but I am not sure how to do so.
Please tell me how can I let my application to keep working even when my machine is logged off.
You can create a service by following these instructions:
http://support.microsoft.com/kb/251192
And then installing it to your PC should be as simple as using
installutil MyService.msc
(installutil will be part of your .NET installation, eg in C:\Windows\Microsoft.NET\Framework\v3.5)
You can the configure it to Startup Automatically by running services.msc from the command prompt.
You could launch it as a task from Windows Task Scheduler and set it to run even if you aren't logged in. This would work even if the application isn't a service.
If you want to be able to shut down your machine and still let the client connect then you need to deploy your application on a server.
Create a windows service and run it as LocalService http://msdn.microsoft.com/en-us/library/zt39148a(v=vs.80).aspx
My PC is in Domain A and a remote server in Domain B, I want to restart a service on server from my PC using c# or any other language or script.
Notes:
I am connected to the server via VPN that means i can manually RDP the server and can manually restart the service.
I am not able to access services on server using connect to other computer under action button from local services window.
I have admin rights to the server.
I can't(not allowed) add any component to server.
I have different set of credentials for Remote machine
You should first try the sc command to make sure you're able to start that service remotely using the current permissions and credentials. If that works, take a look at System.ServiceProcess.ServiceController.
When you say you're an admin on the remote machine, I'm assuming that means you're logging in with different credentials. I don't believe either of those will allow you to use alternate credentials -- i.e., the commands will execute with Domain A privileges and those privileges are most likely insufficient for what you're trying to do.
Can you use a batch file? I usually use something like this:
NET USE \\computername\IPC$ /U:domainname\username password
SC \\computername START service
I have two machines, we'll call them machine A and machine B. Machine B is running a Windows service written in C#.net, as the Local System account. Machine A tells machine B's service (using WCF) to open a file located on the network. Since local system is not a network user, it does not have access to network files, and is unable to open the file. Currently, I am reading files from machine A and serializing them as strings to machine B, and then writing them locally on B. I've considered making a generic network account for machine B, so it can have access to the network, however this is undesirable. Is there any way I can make machine B open files using the user account of machine A? I've taken a look at the system security principal's identity classes, would this be a case to use them?
MSDN - How to: Impersonate a Client on a Service
Impersonating a client on a Windows
Communication Foundation (WCF) service
enables the service to perform actions
on behalf of the client. For actions
subject to access control list (ACL)
checks, such as access to directories
and files on a machine or access to a
SQL Server database, the ACL check is
against the client user account
Also don't forget to configure your service to use Windows Authentication and use a supported binding.