Click here to get back home

Howto : programatically give NTAUTHORIRTY\Network Service account write permission on a directory
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Howto : programatically give NTAUTHORIRTY\Network Service account write permission on a directory Ste 08-04-2005
Posted by Ste on August 4, 2005, 9:38 pm
Please log in for more thread options
 I have a windows service running under the "NT AUTHORITY\Network Service",
the service needs to writes files to a directory.
Using the security property sheet i can manually give the acct write
permissions on the directory - but i want to do this programatically -
ideally via VBScript or a Batch File.

Why???

I am using Visual Studio to create an installer for my service and would
like to invoke the VBScript/Batch file as a custom action during the
installation. Thus saving a manual configuration

Thanks


Steve




Posted by Joe Richards [MVP] on August 4, 2005, 7:12 pm
Please log in for more thread options
 Why??

I think that is for you to answer.

If you mean How?? You need to write a script that manipulates the ACLs, I would
recommend start looking at the IADsSecurityDescriptor interfaces and mechanisms.

Start here

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/adsi/iadssecuritydescriptor.asp?frame=true


--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


Ste wrote:
> I have a windows service running under the "NT AUTHORITY\Network Service",
> the service needs to writes files to a directory.
> Using the security property sheet i can manually give the acct write
> permissions on the directory - but i want to do this programatically -
> ideally via VBScript or a Batch File.
>
> Why???
>
> I am using Visual Studio to create an installer for my service and would
> like to invoke the VBScript/Batch file as a custom action during the
> installation. Thus saving a manual configuration
>
> Thanks
>
>
> Steve
>
>


Posted by Ste on August 5, 2005, 7:52 pm
Please log in for more thread options
lol

The "why???" was meant as why am i doing this ... which was answered in the
post


> Why??
>
> I think that is for you to answer.
>
> If you mean How?? You need to write a script that manipulates the ACLs, I
> would recommend start looking at the IADsSecurityDescriptor interfaces and
> mechanisms.
>
> Start here
>
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/adsi/iadssecuritydescriptor.asp?frame=true
>
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> www.joeware.net
>
>
> Ste wrote:
>> I have a windows service running under the "NT AUTHORITY\Network
>> Service", the service needs to writes files to a directory.
>> Using the security property sheet i can manually give the acct write
>> permissions on the directory - but i want to do this programatically -
>> ideally via VBScript or a Batch File.
>>
>> Why???
>>
>> I am using Visual Studio to create an installer for my service and would
>> like to invoke the VBScript/Batch file as a custom action during the
>> installation. Thus saving a manual configuration
>>
>> Thanks
>>
>>
>> Steve




Posted by Ste on August 4, 2005, 9:43 pm
Please log in for more thread options
Further information

OS - Win2003 Ent Ed




Posted by Roger Abell on August 5, 2005, 5:45 am
Please log in for more thread options
Your most quick solution would be use of an execution of
cacls (with the /e /t /g set of switches). I think you can count
on this being present on all currently supported Windows
releases.
Otherwise, if you want to script your own, you might want
to look at how it is done in xcacls.vbs which you can get
from a search at microsoft.com/downloads

--
Roger Abell
Microsoft MVP (Windows Security)

> I have a windows service running under the "NT AUTHORITY\Network Service",
> the service needs to writes files to a directory.
> Using the security property sheet i can manually give the acct write
> permissions on the directory - but i want to do this programatically -
> ideally via VBScript or a Batch File.
>
> Why???
>
> I am using Visual Studio to create an installer for my service and would
> like to invoke the VBScript/Batch file as a custom action during the
> installation. Thus saving a manual configuration
>
> Thanks
>
>
> Steve
>
>




Similar ThreadsPosted
"Network Service" account is UNABLE to write to a network shared folder April 18, 2007, 7:01 pm
Home directory permission soup October 24, 2007, 11:19 am
Restart service permission June 8, 2005, 3:34 pm
Setting Permission to user to start a service October 19, 2006, 4:11 am
Windows 2003 Sp1 Permission Denied on Account??? Help Please October 3, 2005, 11:25 am
HOWTO: Creating a Drop-Only Shared Folder June 9, 2008, 3:05 pm
Service Account Passwords November 29, 2005, 12:32 am
'NT Authority\Network Service' Account July 26, 2005, 4:03 am
Local Administrator as service log on account January 11, 2006, 3:51 am
Creating and verifying Domain trust programatically July 5, 2005, 7:09 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap