3

I created a service installer with WiX. The setup runs with InstallPrivileges="elevated". My service has to access a distant folder, so I want to specify the user attribute to be sure that the service will have sufficient privileges.

I checked the WiX documentation but I only found how to define local system as account.

How can I define a user for the service (maybe the current user)?

<ServiceInstall Id="ServiceInstaller"
                Type="ownProcess"
                Vital="yes"
                Name="$(var.service)"
                DisplayName="$(var.product)"
                Start="auto"
                Account="LocalSystem"
                ErrorControl="normal" />
Stein Åsmul
  • 39,960
  • 25
  • 91
  • 164
A.Pissicat
  • 3,023
  • 4
  • 38
  • 93
  • 1
    You should define "distant folder", is it a network folder? A share name? It seems that you've decided the solution is to give the service a set of credentials, but the problem of accessing a "distant folder" is not well defined. – PhilDW Aug 10 '18 at 16:56

1 Answers1

4

Credentials: You need to specify an account and a password, maybe something like show below (no time to test right now). Note that public properties can be set when installing from the command line using msiexec.exe or via MSI dialogs:

<..>

<Property Id="SERVICEACCOUNT" Hidden="yes" Value="MyUser"/>
<Property Id="SERVICEPASSWORD" Hidden="yes" Value="MyPass"/>

<..>

<Component>

   <ServiceInstall Name="MyService" Start="auto" ErrorControl="normal" Type="ownProcess"
                   Account="[SERVICEACCOUNT]" Password="[SERVICEPASSWORD]" >
   </ServiceInstall>

   <ServiceControl Name="MyService" Start="install" Stop="both" Wait="yes" Remove="uninstall" />

</Component>

Create Local Users: If you need to create local users on the machine you install on, you can use the WiX Util features. Perhaps see this sample on github. Search for "util:User".

Mandatory preaching :-): Personally I don't like services running with user credentials - both for security reasons and for practical reasons (managing the password change process without causing major service disruptions).

More in Section 12 here: How do I avoid common design flaws in my WiX / MSI deployment solution? Please check the links as well - maybe particularly on "managed service accounts"? (step-by-step).

Some Links:

Stein Åsmul
  • 39,960
  • 25
  • 91
  • 164