PDA

View Full Version : Service Installation Considerations



NewsArchive
04-25-2017, 01:53 AM
This isn't a Setupbuilder problem per se, but I'm hoping someone here
might have some advice for me.

We have a service deployed that has been running under the Local
System account since the beginning (years and years). It was always
okay because everything that it did was local to the server. Now we
need to be able to access network paths via UNC paths that don't
support a NULL session. So we need to use a different account than
Local System.

My problem is that we need to provide the username/password for the
service in order to install it under another account. I would rather
avoid having to ask to become a middleman app (unless your app is a
girl) for a user's Windows credentials, as we're on some pretty secure
sites.

I'm thinking of leaving my SB Service Installation as a SYSTEM, and
then letting the system admin change the service's user/pass via the
system's services UI.

I guess another option could be to add another user on the fly just
for this service, but that seems even less polite than asking for a
user's login credentials.

What do other folks do?

Is there a way to call up the service properties window directly?
e.g., the update windows from the the services.msc. If I could do that
from my SB project, that would be cool.

Thanks.

Jeff Slarve
www.jssoftware.com
Twitter free since Jan 11, 2016
I'll search help files & Google for you.

Grammar troll's, are the worse.

NewsArchive
04-25-2017, 01:53 AM
No answers to your specific questions, Jeff.

But one other consideration in somewhat locked-down environments is password
policies. It's possible that your network people may want to use managed
service accounts. https://technet.microsoft.com/en-us/library/dd548356.aspx

jf

NewsArchive
04-26-2017, 02:08 AM
Thanks a lot Jane. :)

I'll see how much I can insulate our support team from having to
become I.T. people.

Jeff Slarve
www.jssoftware.com
Twitter free since Jan 11, 2016
I'll search help files & Google for you.

Grammar troll's, are the worse.

NewsArchive
04-26-2017, 02:09 AM
We have a special OU in Active Directory that contains what we call service
accounts. The type of account you are describing would come under that
definition. We usually have a discussion with the vendor to find out what
the minimum access requirements are and create the account with specific
access limitations neded for the application.

Hope that helps,

m2

NewsArchive
04-26-2017, 02:10 AM
Thanks Michael

Jeff Slarve
www.jssoftware.com
Twitter free since Jan 11, 2016
I'll search help files & Google for you.

Grammar troll's, are the worse.