Always start the service as a NetworkService, even in interactive mode
I have a service application that supports launching in both service mode and interactive mode. Service registration is performed as user NetworkService; interactive mode works as a computer administrator (ordinary users do not have access to the program).
Now some resources (for example, files) are available only to the user NetworkService. Can I somehow tell the program to run the code like NetworkService, even if it is run by the administrator?
In general, you can change the file permission if you have administrator rights.
Or run the code as the NetworkService account using PsExec.exe, as described here.
Now some resources (for example, files) are available only to the NetworkService user. Can I somehow tell the program to run the code as a NetworkService even if it is run by an administrator?
NetworkService is a low privilege account. The administrator is high priority. Having a situation where files are available to NS but not to the admin is somewhat unusual. While it is true that the administrator has the right to impersonate most accounts (WindowsIdentity.Impersonate(); see Hans's link for issues with issuing NS), I would reconsider and make sure this is really necessary. It is much more likely that the files in question can and should be ACL-ed differently so that both NS and local administrators can access the file.
Also consider separating your application into a service component that always runs as a service and a user interface component that an administrator can call. Have the interface interact with the service over some protocol, for example via LRPC, shared memory, or even HTTP.
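The ACL change suggested in the answer above, as an added PowerShell example that is not part of the original thread. The function name `Grant-ServiceAndAdminAccess`, the sample path, and the choice of Modify rights for the service account are assumptions; run it from an elevated prompt.

```powershell
# Added example (not from the original thread). Function name, sample path and
# the rights granted are assumptions chosen for illustration.
function Grant-ServiceAndAdminAccess {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Keep the service account below FullControl so it cannot rewrite the ACL itself.
        [System.Security.AccessControl.FileSystemRights]$ServiceRights = 'Modify'
    )

    # Resolve both principals by well-known SID so this also works on localized Windows.
    $sidClass = 'System.Security.Principal.SecurityIdentifier'
    $kind     = [System.Security.Principal.WellKnownSidType]
    $netSvc   = New-Object $sidClass -ArgumentList $kind::NetworkServiceSid, $null
    $admins   = New-Object $sidClass -ArgumentList $kind::BuiltinAdministratorsSid, $null

    # Inheritance flags are only valid on containers; a single file must use None.
    $inherit = [System.Security.AccessControl.InheritanceFlags]::None
    if (Test-Path -LiteralPath $Path -PathType Container) {
        $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    }
    $propagate = [System.Security.AccessControl.PropagationFlags]::None
    $allow     = [System.Security.AccessControl.AccessControlType]::Allow
    $ruleClass = 'System.Security.AccessControl.FileSystemAccessRule'

    $acl = Get-Acl -LiteralPath $Path
    # SetAccessRule replaces earlier explicit allow entries for the same SID,
    # so running the function repeatedly does not pile up duplicate ACEs.
    $acl.SetAccessRule((New-Object $ruleClass -ArgumentList $netSvc, $ServiceRights, $inherit, $propagate, $allow))
    $acl.SetAccessRule((New-Object $ruleClass -ArgumentList $admins, 'FullControl', $inherit, $propagate, $allow))

    if ($PSCmdlet.ShouldProcess($Path, 'Grant NetworkService and Administrators access')) {
        Set-Acl -LiteralPath $Path -AclObject $acl
    }

    # Report the explicit and inherited entries for the two principals, as SIDs.
    $wanted = @($netSvc.Value, $admins.Value)
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $wanted -contains $_.IdentityReference.Value } |
        Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited
}

# Preview the change without writing it (hypothetical path):
# Grant-ServiceAndAdminAccess -Path 'C:\ProgramData\MyService' -WhatIf
```

With `-WhatIf` the ACL on disk is left untouched and the function only lists the entries currently present for the two principals.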