I'm having trouble with the Process class. I have a Windows Service running as SYSTEM and I want it to spawn processes on behalf of users. I get the user's password there securely and create a SecureString. I get a Win32Exception "Access Denied" on Process.Start. If I run the service under the same account as the user I want to start for, I still get the exception except it says "The handle is invalid". I've checked and checked the SecureString and I've made it read-only so I don't think that's it. I actually had gotten it to work some time ago if I impersonate the client but this isn't really practical since the job can be queued up waiting for some time. I've signed all the assemblies involved and I've given the service assembly full trust (I think).
I included some code. Couldn't figure out how to add it nicely.
Anyone have any idea what I might be doing wrong Maybe this is not possible.
Thx
Dave
string arguments = machine + " -l " + account + " ls -l";
Process process = new Process();process.StartInfo.FileName =
"rsh.exe";process.StartInfo.Arguments = arguments;
process.StartInfo.Domain = domain;
process.StartInfo.UserName = user;
process.StartInfo.Password = p
assword;process.StartInfo.WorkingDirectory = workingDirectory;
process.StartInfo.UseShellExecute =
false;process.StartInfo.RedirectStandardOutput =
true;process.StartInfo.RedirectStandardError =
true;try{
process.Start();
}
catch (Win32Exception we)
{
throw we;}
catch (Exception ex){
throw ex;}
Process class used from Windows Service fails
Dana Reed
Please - reply to my questions - I've been handling with this problem for several months...
mh433493
The Service runs under a different account with less promission, unless you have specified an account to run this service.
If you want to run specific code under a other account you can use Impersonation, i've writen a helper class that makes live easy: Impersonation class, C# Source.
Bernybon
-one resposible for restarting GUI application (Local System + Desktop inteaction)
- second reading files from network drives (User account)
The services can comunicate via Service Controller class instance, or even network ports (Service Controller seems better way).
In my case this solution isn't possible - the restarted program needs an access to desktop and network. :(
chrisexv6
Nicolas V
These network disks are under Novell . The user connection is by novell client for windows. The Novell user and password are of course different fromWindows user and passwd. However - the service (with account set for LOCAL SYSTEM) doesn't have novell disk access( even though Administarator has an access from windows explorer to these disks), but service can start a windowed application :(
If the service account is set for Administrator - service has an access for novell disks, but no access to the desktop and cannot run an aplication with window (the application starts as process, but no form appears).:(
Martha Wieczorek
SteveS_MS
I need a service which is able :
- to interact with desktop
- to have an acces to network drives (on Novell network)
In service manager I can:
-set interaction with desktop , but then I must set the account for LOCAL SYSTEM and network disks access is impossible
-set network access (Administrator account), but then I have no access to the desktop
:(
But as I can see such services as McAffee VirusScan can have a symultaneous access to desktop and network drives....
Michael Wayne
Gomathi Sarma
Hi Misiu_Mietowy,
I totally understand what your situation is since I'm facing the same problem as you do, ie: I would like to launch an external .exe file within the service (so I need to checked the "Interact with desktop" box, and at the same time, the service needs to access the network drive (so I have to run this service from other accounts instead of the local account, and so "Interact with desktop" can't be chosen)...... did you figure it out somehow for this problem Thank you.
Louis
doakwolf
A bit more info...
If I let the system account interact with the desktop and set the Process.Filename = "notepad.exe" with NO user, it works fine. If I set the user/domain/password I get the "access denied" Win32 exception. i'm currently logged in as that account and I even have admin priv, so why the access problem
ronnotel
I don't see any problems with this at all.
Why is this impossible
This is incorrect, you can have access to the desktop on a administrator account.
webwize
I don't know what you mean with interact, but if you mean reading the desktop you must know that the desktop of a user is just folder, so you can read this from the logged user of let the user specify it.
Your service can't get any promission to network disks if this isn't given by the user. This is because otherwise a service could be installed on the PC I'm working now and it can read the all network drives in this company. It can it, as I give him the promissions to do that.
So, you can let the user specify the credentials of an account to use for the network drives and use impersonation before reading them or the user can let your service run under a specified account.
Can you please provide more information about the purpose of the service you're developing What do you mean with interact with the desktop and why can't the user give promissions
Matthew deWet
However I write reports of my work. If you want to have a look then go to:
http://www.potyczki.cba.pl/raporty/raport%206XI-9XI.pdf
http://www.potyczki.cba.pl/raporty/raport%2016X-25X.pdf
http://www.potyczki.cba.pl/raporty/Sprawozdanie%2026X-3X.pdf
A little problem for you can be, that they are not in English, but Polish.
Regards
RogerDontLikeReports