|
Posted by Martin X. on October 31, 2007, 4:56 pm
Please log in for more thread options
Good, I'm glad that it was working. I would not recommend running any
services under the LocalSystem account if that service needs access to a
remote server, which is what you are trying to do. What you should do is
create a DOMAIN user account to run your service under. Let's call the
account RicardoService.
1) From Active Directory Users and Computers
'- ANDROMEDA2003.jusan, create a regular user account named
RicardoService. Since this is a domain account, any computer that is a
member of the domain can use the account. This is one of the major reasons
why you want to use a Windows domain.
2) Give ANDROMEDA2003\RicardoService permission to the Recordings folder via
"Sharing" and "Security."
3) On CORREO, give the account ANDROMEDA2003\RicardoService rights to run as
a service. See
http://help.globalscape.com/help/secureserver3/Log_the_server_on_as_a_service.htm
and
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/gp/546.mspx?mfr=true
This should now work the same way as it did in the work group.
--
Regards,
Martin X.
Microsoft Certified Systems Administrator: Messaging
Philadelphia, Pennsylvania, USA
Great!! Thank you very much, Martin!
I have it working now!
But now I have another similar problem to ask about...
I have to go a step further:
My scenario so far was win2000 and win2003 without domain, in the same
working group; and my service running with the account "Ricardo", created
in both computers with the same name and password.
Now I need my service working in the following scenario:
- win2000 (CORREO) and win2003 (ANDROMEDA) **domain server**, that is: now
we have domain, which is: "ANDROMEDA2003.jusan"
- And I need my service account to be the services default account, that
is: "LocalSystem" (and not "Ricardo").
According to the documentation that I found on the internet, Local System
account appears on the network as DOMAIN\<machine name>$:
http://www.microsoft.com/technet/security/guidance/serversecurity/serviceaccount/sspgch02.mspx#EBH
So I have added CORREO as a computer at:
Active Directory Users and Computers
'- ANDROMEDA2003.jusan
'- Computers
And then I've given full control permission (both in Security and Shared
tabs), folder "Recordings", to CORREO$ (ANDROMEDA2003\CORREO$).
With this, my service running on CORREO should be able to write on
\ANDROMEDA\Recordings... But it isn't! Again: Access denied.
What do you think of this?
Any other hints, or steps to follow...?
Kindest regards, thank you very much once again,
Ricardo.
|
| Similar Threads | Posted | | Win2003 SP1 remotely restart service | June 14, 2005, 1:02 pm |
| Allow user to restart service remotely | July 27, 2007, 11:28 pm |
| Re: Previous post should say Grant user right to remotely start stop Service - can anybody help? | March 10, 2006, 1:04 pm |
| Writing security rules for Server 2008 | February 22, 2008, 9:36 pm |
| remotely administering Bastion servers | April 2, 2007, 6:34 pm |
| Remotely query local policies | January 10, 2008, 4:42 pm |
| How to allow non-admin to run scheduled tasks remotely? | July 24, 2008, 1:18 pm |
| Error in my security log when attempting to browse site remotely | September 6, 2005, 3:20 pm |
| Re: Grant user right to remotely start stop server - can anybody help? | March 10, 2006, 12:32 pm |
| Re: Grant user right to remotely start stop server - can anybody help? | March 10, 2006, 12:41 pm |
|
XML Sitemap