3

I need to access to a shared resource with a windows service using local system user. I have a try with the class UserImpersonation, but it only works in debugging. When I install my service, I can't access to a shared folder.

I have read about this topic, and I would like to know if the only way is to create an user with network credentials and execute the service with this user.

Community
  • 1
  • 1
farho
  • 33
  • 1
  • 7
  • You can find many resources which deal with this http://stackoverflow.com/questions/6016388/accessing-shared-folder-over-a-network-in-windows-service http://serverfault.com/questions/135867/howt-to-grant-network-access-to-localsystem-account – JotaBe Mar 28 '12 at 10:12

2 Answers2

2

You can have the service run under an account (not necessarily NetworkService as in the screenshot) for which you've provisioned network access. To do this, go to your services manager, and right click on properties:

enter image description here

There are two types of permissions you have to consider when accessing network share, which you have to make sure that the account you use has: Share and NTFS permissions

Tung
  • 5,334
  • 1
  • 34
  • 41
  • @DavidHeffernan, the Network Service is just something that was configured when I took a sample screenshot. I was simply answering the "execute as a user" part of the question. I will clarify my answer. – Tung Mar 28 '12 at 10:23
1

Your final paragraph of your question contains the answer. The service runs in the context of a specific user. You need to make sure that this user can access the resource in question. It's not uncommon to create dedicated users just for a particular service for this very reason.

David Heffernan
  • 601,492
  • 42
  • 1,072
  • 1,490
  • @JotaBe Because it won't have access to the shared resources, unless explicitly granted. – David Heffernan Mar 28 '12 at 10:19
  • Of course, it won't have permissions, but only until you grant them. But once you grant permissions to a machine's account in a network resource, a service running under network service account will be able to access the resource. I think Network Service is safer because no user can log on with that account, and requires less maintenance, because you don't have to use passwords. – JotaBe Mar 28 '12 at 10:24
  • @JotaBe OK, you could do it that way. Plenty of approaches work, but the 3rd sentence in my answer holds no matter what. That's the point. – David Heffernan Mar 28 '12 at 10:29