security issue with with windows service account

20 Jan 2006 1:57 AM

Hank

Hi,
My windows service application contains an IpcChannel which listens msg from
client.
If I install it with MyServiceProcessInstaller.Account="LocalSystem" or
"LocalService", or "NetworkService". Then I got an exception
"System.Runtime.Remoting.RemotingException: Failed to connect to an IPC
Port: Access is denied" when client IPC channel try to connect to service.

However If I install my service with
MyServiceProcessInstaller.Account="User". Then everything is fine. in this
case both client and server running under the same username.

My goal is to install the service as "LocalSystem" or "LocalService", client
can be any user and group. since I leave the "authroizedGroup" channel
property as default and there is no security setting for IPC channel, I am
thinking the problem is not in the IPC channel configuration, rather I need
to configure Windows service properly.

Your advice is highly appreciated!

Hank

20 Jan 2006 6:14 AM

Dominick Baier [DevelopMentor]

hi,

why do you want local system?

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Show quoteHide quote

> Hi,
> My windows service application contains an IpcChannel which listens
> msg from
> client.
> If I install it with MyServiceProcessInstaller.Account="LocalSystem"
> or
> "LocalService", or "NetworkService". Then I got an exception
> "System.Runtime.Remoting.RemotingException: Failed to connect to an
> IPC
> Port: Access is denied" when client IPC channel try to connect to
> service.
> However If I install my service with
> MyServiceProcessInstaller.Account="User". Then everything is fine. in
> this case both client and server running under the same username.
>
> My goal is to install the service as "LocalSystem" or "LocalService",
> client can be any user and group. since I leave the "authroizedGroup"
> channel property as default and there is no security setting for IPC
> channel, I am thinking the problem is not in the IPC channel
> configuration, rather I need to configure Windows service properly.
>
> Your advice is highly appreciated!
>
> Hank
>

20 Jan 2006 4:28 PM

Hank

Actually I want to install my windows service as either "LocalSystem",
"LocalService" or "NetworkService".
So once installed, other users with different group can use it once they
logon to the PC.
It doesn't have to be "LocalSystem", but I hope it can be one of the above
three.

Thanks!
Hang

Show quoteHide quote

"Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com>
wrote in message news:4580be631954d58c7eba847701650@news.microsoft.com...
> hi,
> why do you want local system?
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
>> Hi,
>> My windows service application contains an IpcChannel which listens
>> msg from
>> client.
>> If I install it with MyServiceProcessInstaller.Account="LocalSystem"
>> or
>> "LocalService", or "NetworkService". Then I got an exception
>> "System.Runtime.Remoting.RemotingException: Failed to connect to an
>> IPC
>> Port: Access is denied" when client IPC channel try to connect to
>> service.
>> However If I install my service with
>> MyServiceProcessInstaller.Account="User". Then everything is fine. in
>> this case both client and server running under the same username.
>>
>> My goal is to install the service as "LocalSystem" or "LocalService",
>> client can be any user and group. since I leave the "authroizedGroup"
>> channel property as default and there is no security setting for IPC
>> channel, I am thinking the problem is not in the IPC channel
>> configuration, rather I need to configure Windows service properly.
>>
>> Your advice is highly appreciated!
>>
>> Hank
>>
>
>