How do I get Topshelf to run as a specific domain user account? I have in the configuration
x.RunAs("domain\username", "password");
I have in the code a console statement that prints out the Windows Identity that the process is running under. It is not the one I specified.
The code snip-it you indicated is the correct method to apply a user. A couple of things apply to this...
This only works for windows services, if you run it as a console app it will still run as you
All shelved processes run as the host user, so shelves will ignore any user settings
You can double check the user the service is registered to run as by going into services in mmc, find your service, goto the properties panel, and there's a Log On tab which will display the user the service is to run under.
If you are just running as a console app, just servicename install start and it should be running as the user it's been setup for.
If this doesn't help, reach out on the mailing list http://groups.google.com/group/topshelf-discuss.
Related
We have written a Windows Service that is planned to be deployed to many or all client windows machines in a company. For technical reasons this service has to be run under the logged in user (i.e. not under LocalSystem or any Service Account).
Furthermore it's a requirement that our software has to be deployed using an installer that requires no user interaction (e.g. silent mode is fully supported).
We now face the problem that we are unable to install our service without having the user to provide it's credentials.
My question now is:
Is it possible somehow either during the installation process or in a start up script of the end user to have a service registered or started up without having to enter the users credentials?
If that is not possible (which I assume): Is it possible to start a process as a regular process and
have it register itself as a service at startup, so it appears in the Services panel?
Any help or idea is appreciated.
I was installing the filebeat application and I noticed that I needed to run powershell as administrator in order to install them. When I checked the service using wmic service get name,startname,status it showed Local System. I'm wondering what this account is as this is neither the user account or the administrator account. Will this always be the case when I install services as administrator? What is the difference if I install it as a normal user and as administrator?
In any case, I've set this service to start automatically when windows start. Would this service start only when the user I used to install it logs in or will it start regardless of which user logs in?
OK, let's unpack that one by one, in no particular order:
Only a user with administrator rights can install a service.
Services that are configured to start automatically are started as soon as Windows is up and running; Windows does not wait until somebody logs in. It makes no difference to the service who the logged-on user is, or whether anybody is logged in at all, unless the service application itself has been explicitly programmed to check.
The program that installs the service decides what account the service uses to run. Windows doesn't care what user account was used to install the service, it doesn't even keep track.
If the program that installs the service wants it to use an ordinary user account, it must know the password for that account. There are various special accounts that a service can run in, these accounts do not require a password. One of these special accounts is Local System.
Local System is the highest-privilege service account in Windows; it has all the same rights as an administrator, and can do things an administrator can't. Local System is also the account that the user-mode part of Windows itself runs in, roughly equivalent to the UNIX root account except that it doesn't have a password.
Additional notes, for completeness:
One alternative to Local System is for the service to run as Local Service or as Network Service, which are non-administrative service accounts. The only difference between the two is that if the computer is joined to an Active Directory domain, the Network Service account has network access to other machines in the domain and the Local Service account does not.
It is also possible to configure a service to run in a special service account that is unique to that particular service. This is mostly useful if you want the service to have access to a particular file or folder, but do not want to give it administrator rights.
Nitpickers corner:
It is I believe technically possible to reconfigure Windows to allow non-administrators to install services, but this is not supported and would be a Very Bad Idea. If you did, though, it would still make no difference who installed the service. Windows doesn't record this information.
There is an option to configure a script to run as part of a plan for Bamboo. However, when I try to run a particular batch script, it fails. When I run it as the Administrator user from the remote desktop instance, it does not fail. I am assuming that the issue is that the script is not being run as an administrator, but as the Bamboo user. Is there a way to run a particular batch script as an administrator? I am using an elastic EC2 instance from AWS with Windows Server 2008 R2.
Here is my current setup:
By the way, this is part of an alternative attempt at this question: Boot EBS volume from Bamboo instance
I have not used bamboo, but to allow a Windows service to run commands as an administrator, first the service itself must have administrator privileges. Otherwise, it will be denied. Change the service user in the Windows services control panel. These are the generic instructions on how to change the service user:
Run services.msc
Find the target service
Open the properties for the service
Select the Log On tab
Select Use this account and enter an account on the server that has administrator privileges
Restart the service
I'm wishing to use Visual Studio Load Tests to perform some load testing.
I was hoping to be able to use the counter monitoring that the Load Test provide in order to collect performance statistics from the web server I'm loading.
However there only seems to be support for connecting to machines you wish to monitor via your domain credentials. From http://msdn.microsoft.com/en-us/library/ms182594.aspx, section "To specify computers to monitor with counter sets during load test run"
On each server that you monitor, you must have sufficient user permissions to run performance monitors. Otherwise, errors are generated.
There seems to be no way to provide specific credentials to use to connect to machines you wish to monitor. As the web server I wish to monitor does not belong to a domain, I don't see any way to monitor it using VS Load Tests.
Is there some way to monitor it using VS Load Tests that I've missed?
There seems to be no way to provide specific credentials to use to connect to machines you wish to monitor
There is a way to do this. On Windows 7 it is called Credential Manager and you can access it either by searching for Manage Network Passwords on your Start Menu or via Control Panel > User Accounts. On older versions it was called Stored User Names and Passwords, also accessible via Control Panel > User Accounts.
In a nutshell, it allows you to specify alternative credentials for remote systems. Once you have set up credentials, it works completely invisibly and automatically for remote connection attempts from any application applications that support it, including Visual Studio collecting remote Perfmon data.
NOTE that you have to set up the credentials on the account that actually runs your load tests. If you are only running local load tests with no Controller then that's your own account. However if you run a Controller/Agent rig, the Controller may be configured to run under a service account (i.e. check the account running "Visual Studio Test Controller" service or QTController.exe). You have to login as that account and add the credentials.
I've found the following which is working for me. I'm just running the net use commands by hand because I don't want the user name and password in source control.
To get this working you will need to manually open an IPC channel to
the SQL and IIS machines with an account that has permissions in that
domain. This allows the account running the load tests to "piggyback"
across that IPC channel.
i have found this site to be a great help getting this going myself.
http://blogs.catapultsystems.com/tlingenfelder/archive/2009/06/18/performance-counters-timeouts-and-load-testing-with-visual-studio-2008.aspx
what you can do is create a small bat file and set it up to run in the
.testrunconfig file as a setup script.
net use \\SQLSERVER\IPC$ password1 /user:DOMAIN1\USER /persistent:yes
net use \\IISSERVER\IPC$ password2 /user:DOMAIN2\USER /persistent:yes
I have a service that logs in as a specific user. The service works great when the user logs in, but won't start until they do so. Is there some kind of a setting I am missing?
This is running on a Windows 7 Ultimate box.
The user is an administrator of the box and the service is set to automatically start.
No errors are in the application log, and the service runs like a champ once the user logs in (without having them start it).
Does the user have privileges to start Windows Services (the user policy)? You can try using ntrights.exe to make sure that he does. Also, can you start the service from Services.msc when logged in another account?
I think this is a privileges problem. Either the service login information is incorrect or the user cannot start services.
This was a fun one, but I figured it out this morning.
The issue is that the server was a clean Windows 7 Ultimate install. That means the power management functionality was set to default which causes the machine to power down after 30 minutes, hence the service would stop running. Fixed the power management settings to never sleep and running like a champ.
Thanks for the input folks.