-
-
Notifications
You must be signed in to change notification settings - Fork 418
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Run the Windows service as a non-SYSTEM account #858
Comments
Thanks for the suggestion. I tried it and the issue with it is that the service does not have privilege to create the |
That is normally done by the setup application, while executing as PS Probably the application should also be modified to write somewhere inside |
As mentioned by @rgl, data should not be stored in "Program Files", it should be in "C:\ProgramData". Or in "%systemroot%\System32\config\systemprofile" (typically "C:\WINDOWS\system32\config\systemprofile"). You would still need to create the ProgramData folder in your setup script. edit to add: "C:\Program Files" on Windows is like "/usr/bin" on unix/linux - you don't put data in there. |
Unless I'm missing something, the
DnsService
Windows Services does not need to run as theSYSTEM
account, as such, it should run asNT SERVICE\DnsService
.These types of accounts are automatically managed by Windows and do not need a password.
They also have a predictable SID in the form of
S-1-5-80-<SHA-1(uppercase(service name))>
(e.g.S-1-5-80-908493856-1104173099-1205760238-637266923-2292294691
).The gist to configure a Windows service to use then is:
The full example is at:
The text was updated successfully, but these errors were encountered: