[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Program running as a service is unable to access mapped drives

Posted on 2004-11-08
16
Medium Priority
?
144 Views
Last Modified: 2010-04-13
I have a backup program that I want to run as a service (which is supported by the vendor), but when I install it as a service it cannot access any mapped drives (which again is supported by the vendor).  I get an access is denied when I double click on the mapped drive from the backup program.  The mapped drives can be accessed just fine from within my computer so it is the service that is creating the problem, plus the program can access the mapped drives when not running as a service.  I found a MS bulletin that covers this issue but only on Windows NT.  I am working with Windows 2000 Pro, Server and XP.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;122702

I am sure there is something similar that I need to do on the Windows 2000 pro clients to allow for the drive access.  I am starting the service usingthe local service account and it has to interact with the desktop.  I have tried starting the service using a different credential but it will not interact with the desktop.
0
Comment
Question by:murryc
  • 8
  • 6
  • 2
16 Comments
 
LVL 9

Expert Comment

by:paraghs
ID: 12530754
Go to Control Panel -> Administrative Tools -> Services.

Locate the service that has been installed by your backup programme.
Check the name under "Log On As" column. If it is LocalSystem (most probably it will be), right click that service, click on Properties.

Under the tab "Log On", click on radio button "This Account", choose your Administrator account, give its password.

Restart your computer. Now your backup program should access your mapped drives.
0
 

Author Comment

by:murryc
ID: 12533935
I can do that, but the service will start and show that it is running, but it does in interact with the desktop so I am unable to open its interface.  If I try to run the program using its shortcut it tells me to open the program from the system tray because it sees that it is already running.  Is there anyway I can do what you suggest but also have it interact with the desktop?
0
 
LVL 9

Expert Comment

by:paraghs
ID: 12540739
Sorry murryc,

I am not aware how can you make a service interact with desktop.

I can only suggest a roundabout.
Whenever you need to interact with your programme, stop the service, kill its application from Task Manager, and run your programme. Now you can make changes to your programme options.

When your service restarts (either manually, or on next Windows start), your changes made to the programme will be valid.
0
Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

 

Author Comment

by:murryc
ID: 12540823
good point, I would still like to leave this open to see if anyone else has an idea
0
 
LVL 76

Expert Comment

by:David Lee
ID: 12671026
Hi, murryc.

It seems like you're in a "Catch-22" situation.  If you set the service to use a different set of credentials, then you can't check the "Allow service to interact with desktop" option.  On the other hand, if you stay with the system account and check the box to allow the service to interact with the desktop, then the service can't access the mapped drives.  Before I suggest a remedy, I've a question and a comment.  The question first: why does the program need access to mapped drives?  Is it because it's backing up other computers?  And now the comment.  It's unusual and not recommended for services to interact with the desktop.  Most services don't.  They may appear to but that's usually accomplished by a second program, not a service, that's visible on the desktop and communicates behind the scenes with the actual service.  If you go through the properties of the services installed on your system you're likely to find that the majority aren't set to interact with the desktop.

Okay, let's see if we can find away around the problems.  To interact with the desktop you're going to have to leave the service set to run under the System account.  That leaves the problem of accessing mapped drives.  The only solution I can see for that is to grant the System account on the machine with the backup software access rights to the mapped drives.  To do that you'll need to go to the machines the drive letters map to and grant the system account from the backup machine rights to the shares.  To do this you'll need to follow the same steps as you would to grant any account permissions in NTFS.  If you need specific instructions on how to do that, then let me know.
0
 

Author Comment

by:murryc
ID: 12671279
BlueDevilFan..please do give me further details on setting up those permissions.  Your right about the mapped drives.  The program is backing up data across those drives.
0
 
LVL 76

Accepted Solution

by:
David Lee earned 2000 total points
ID: 12694958
Here are the steps for setting the permissions.  These are done on the remote machines, i.e. not the one running the backup program.  I'm also assuming, though you haven't said, that the computers in question are all members of a domain.

1.  Launch Windows Explorer.
2.  Right-click on the C: drive and select Properties.
3.  Click the Security tab.
4.  Look and see what accounts have permissions.  On most Windows machines I believe you'll find that the group Everyone has full access.  If that's the case, then click Cancel to close the dialog-box.  Otherwise, report back on what accounts have permissions.  Close the dialog-box.
5.  Right-click on the share, or the first share if there are multiple shares, that you are mapping too on this machine.  Select Properties.
6.  Click on the Security tab.  
7.  Look and see what accounts have permissions.  If the group Everyone has permissions, then I can't see why the system account the backup service is running under is having problems mapping a drive.  Everyone is quite litteraly any account that can get to the machine.  If Everyone does not have permissions, then move on to step 8.  Otherwise, stop here and report back what you've found.
8.  Open Control Panel->Administrative Tools->Computer Management->Local Users and Groups->Groups.
9.  Right-click on Backup Operators and select Properties.
10.  Click Add.
11.  Click the pulldown next to "Look in" and select the computer running the backup program.  This should bring up a list of all accounts on that computer.
12.  Scroll through the list of accounts until you find SYSTEM.  Select it, then click the Add button.
13.  Click OK.
14.  Go back to Windows Explorer.
15.  Right-click on the share, or the first share, that you map a drive to.  Select Properties.
16.  Click the Security tab.
17.  Click Add.
18.  Verify that the current computer is selected in the "Look in" pulldown.  If it's not, select it.
19.  Scroll through the list of accounts until you find Backup Operators.  Select it, then click Add.
20.  Click OK.
21.  Click the Modify checkbox under Permissions.
22.  Click OK.
23.  Repeat steps 15-22 for each share on the computer that the backup program maps a drive to.  If this was the only one, then move on to the next PC and repeat steps 8-22.

What these steps do is add the System account from the backup computer to the local Backup Operators group and then give that group the necessary permissions to access the share the backup program is mapping a drive to.  It's always better to assign permissions to groups than to individual accounts.  Later on if you want to remove permissions, then just remove the account from the Backup Operators group.

I hope this helps.
0
 

Author Comment

by:murryc
ID: 12696603
I have one company that is a domain and another company that is not running a domain.  Will this solution work on the computers not configured as a domain?
0
 

Author Comment

by:murryc
ID: 12696826
I do not like the idea of giving everyone permission to view the contents of the shares.  if we are backing up files on that share then there is likley important content that needs to be controlled in regards to access.  is there a way to just give the system account access instead of everyone.  I tested your solution and it did work when I told it to allow for everyone.
0
 
LVL 76

Expert Comment

by:David Lee
ID: 12698553
I agree that granting Everyone access is a potential problem and that's why I didn't say to grant permissions to the Everyone group.  What I said was that by default Everyone usually has permissions.  In other words, that's the way Windows is configured out of the box.  I really just wanted you to check and see what permissions are in place.  If Everyone already had permissions and the account the service was running under still couldn't access a mapped drive, then we'd have a completely different problem than if Everyone didn't have access.  If you put the System account of the machine with the backup software in the Backup Operators group on all the other comptuers and then grant Backup Operators access, that should solve the problem.  I don't think that'll work in the non-domain setting though because on those machines you aren't given the opportuinty to choose an account from another computer.  Instead, I believe you are limited to choosing an account from the local computer.  
0
 

Author Comment

by:murryc
ID: 12700610
well said....

Is there a way to create the system account on the non-domain computers so that it will work your is there just no way a non-domain configuration will happen.
0
 
LVL 76

Expert Comment

by:David Lee
ID: 12701449
Let me see what I can come up with.  I'll post an answer within 24 hours.
0
 
LVL 76

Expert Comment

by:David Lee
ID: 12705300
Good morning.

I searched but cannot find a solution for the non-domain computers.  According to my experience and everything I've read computers that are not in a domain can only grant rights to accounts on the individual computer.  Sorry, I don't see a way around this.  

As a matter of curiosity, what backup software are you using?
0
 

Author Comment

by:murryc
ID: 12707183
Rbackup...www.remotebackup.com....I am actually a provider.
0
 

Author Comment

by:murryc
ID: 12740217
figured out that you can access shared folders and drives just fine.  it was the administrator mapped drives that were not working.  i.e  \\computer\c$  the system account would never be able to access those drive shares because they are admin access only.  I did though have to implement the above registry solutions that I posted in first question that came from the software vendor and the solution works on both non-domain and domain computers.
0
 
LVL 76

Expert Comment

by:David Lee
ID: 12741093
Cool!  Glad it works.
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
MSSQL DB-maintenance also needs implementation of multiple activities. However, unprecedented errors can hamper the database management. In that case, deploying Stellar SQL Database Toolkit ensures fast and accurate database and backup repair as wel…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…
Suggested Courses
Course of the Month17 days, 14 hours left to enroll

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question